Consumer Federation of California

Update 10/20/14: The state Supreme Court has declined to review the case.

SAN FRANCISCO, OCTOBER 14 — It’s time for the state’s highest court to determine when to hold a medical care provider liable for compromised patient data, according to plaintiffs lawyers who lost a privacy case against Sutter Medical Foundation this summer.

The lawyers argue state appellate courts are at odds over whether the theft of patient records from a health care provider constitutes a violation of California’s medical confidentiality act, even if there is no evidence to suggest anyone read the stolen data. The Second District Court of Appeal said ‘yes’ last year in a case involving UCLA, they argue, but the Third District, ruling in July in Sutter Health v. Superior Court, concluded the patient privacy law had not been breached.

Plaintiffs lead appellate lawyers C. Brooks Cutter of Kershaw, Cutter & Ratinoff in Sacramento and solo Richard Rosenthal in Tiburon highlighted that discrepancy in petitioning the California Supreme Court to review the Sutter Health case. Though both appellate panels ultimately sided with the hospitals, the Second District offered plaintiffs a glimmer of hope by accepting they adequately pleaded liability, just not damages.

“Review by this court therefore is necessary to secure uniformity of decision,” the lawyers wrote in their petition, “to provide guidance to [the Department of Public Health] regarding the proper scope of its regulatory role in this area, and to protect the informational privacy rights of all Californians, whose highly-sensitive medical records are increasingly at risk in this digital age.”

Continue reading »
The Recorder provides free access to up to five articles per month.

Tags: Data Breach, Medical Privacy