Appeals Court Absolves Sutter Health in Data Breach Case
July 21, 2014
The California Third District Court of Appeal in a published decision today ordered dismissal without leave to amend of thirteen coordinated class action lawsuits filed in late 2011. Sutter Health v. Superior Court, No. C072591 (July 21, 2014). View full story in pdf format published in The Recorder. Rob Bunzel, Mike Abraham, Bill Edlund, Simon Goodfellow and Zaneta Butscher represented Sutter. The thirteen cases had alleged violations of the California Confidentiality of Medical Information Act, following an October 2011 theft from a Sutter Health Sacramento administrative building of a password-protected computer containing data for 4 million patients. The Confidentiality Act, also known as CMIA, presents nominal damages risk by statute of $1,000 per patient. The class plaintiffs argued Sutter Health could have done more to safeguard the data, and that its “release” was sufficient to state a claim. In 2012 the Court of Appeal issued an extraordinary writ to review the trial court’s decision that had denied Sutter Health’s pleading challenges. Very few such writs are ever entertained. Now, as the firm urged it to do, the Court of Appeal has ruled: “plaintiffs have failed to state a cause of action under the Confidentiality Act because they do not allege that the stolen medical information was actually viewed by an unauthorized person,” and that “loss of possession” of the material alone does not show a “breach of confidentiality.” View attached pdf to read decision. Sutter Health issued a statement that “it is pleased that the judicial process has resulted in a ruling that will end litigation, which if it had continued would have diverted resources better spent on patient care, and would have increased the likelihood that private patient records would be used in litigation, even though no injury to patient confidentiality ever resulted from the theft.” The firm is delighted to have been of assistance to Sutter Health in this matter.