California Appeals Court Rules Hospital Not Liable for Data Breach
May 27, 2014 in News
Last week, an appellate court in California ruled that Rancho Mirage, Calif.-based Eisenhower Medical Center is not liable for a data breach involving the private information of more than half a million patients, Health Data Management reports.
Background on Breach, Lawsuit
In March 2011, a computer containing an index of more than 500,000 patients was stolen from EMC. Data on the computer included patients’:
- Dates of birth;
- Last four digits of Social Security numbers;
- Medical record numbers; and
A class-action lawsuit was filed against the center alleging that it violated the state’s Confidentiality of Medical Information Act. It sought $1,000 for each patient whose data were compromised by the breach (Goedert, Health Data Management, 5/23).
EMC filed for appeal with the state’s Fourth Appellate Court after the Superior Court of Riverside County rejected the hospital’s request for summary judgment that the breach did not result in the disclosure of medical data.
Details of Appeals Court Ruling
The three-judge panel last week ruled that EMC is not liable for the breach because the patient data involved did not contain more complete information about patients’ medical histories.
According to the ruling, “Plaintiffs primarily argued that the mere fact that a person’s name is on the index reveals that he or she was a patient and, thus, there has been a release of medical history.”
However, the judges ruled that “a prohibited release by a health care provider must include more than individually identifiable information but must also include information relating to medical history, mental or physician condition, or treatment of the individual” (Kenealy, Business Insurance, 5/23).
The case now will return to the lower court in Riverside County for consideration (Health Data Management, 5/23).