A game changer?
After a spate of data breaches impacting patients across the country, this week’s court ruling alleviating a California organization of liability came as a bit of a surprise.
The California Third District Court of Appeal ordered the dismissal of 13 coordinated class action lawsuits filed following the October 2011 theft of a Sutter Health unencrypted desktop computer containing patient data for about 4.2 million patients. The lawsuit was potentially one of the largest class actions to date involving a health data breach.
The court’s finding that Sutter Medical Foundation did not violate California’s medical confidentiality act, absolving the institution of a potential $4 billion in statutory damages.
Sutter is not held liable because no one actually accessed the records, wrote Justice George Nicholson. “The legislation at issue is the ‘Confidentiality of Medical Information Act,’ not the 'Possession of Medical Information Act',” he ruled.
In a statement, Sutter officials said it is "pleased that the judicial process resulted in a ruling that will end litigation, which, if it had continued, would have diverted resources better spent on patient care, and would have increased the likelihood that private patient records would be used in litigation, even though no injury to patient confidentiality ever resulted from the theft."
The plaintiffs are appealing the decision.
It will be interesting to see how this court decision impacts future class action lawsuits related to data breaches.
Beth Walsh
Clinical Innovation + Technology editor
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.