Lawsuits Dismissed Following 2011 Computer Theft
The California Third District Court of Appeal today ordered the complete dismissal of 13 coordinated class action lawsuits filed following the October 2011 theft of a Sutter Health password-protected computer containing patient data.
The complaints had alleged violations of the California Confidentiality of Medical Information Act (CMIA or Confidentiality Act). Nearly three years after the theft of the computer from a Sutter Health administrative building, the Court of Appeal ruled (Sutter Health v. Superior Court, No. C072591; July 21, 2014) that the plaintiffs failed to state a cause of action under the Confidentiality Act because “they did not allege that the stolen medical information was actually viewed by an unauthorized person.” In fact, no information from the stolen computer ever surfaced after the building break-in and theft.
The Court of Appeal ruled that Sutter Health did not intend to disclose the medical information to the thief, and that Sutter Health’s actions with respect to the records did not fail to preserve their confidentiality, because loss of possession alone is “not a breach of confidentiality.”
The Court of Appeal noted that the thief may well have “wipe(d) clean” the stolen hard drive without seeing the data and that, under the circumstances, no injury intended to be protected by CMIA was suffered.”
“Sutter Health is pleased that the judicial process resulted in a ruling that will end litigation, which if it had continued would have diverted resources better spent on patient health care,” said Sutter Health spokesperson Bill Gleeson. “Continued litigation would also have increased the likelihood that private patient records would be used in litigation, even though no injury to patient confidentiality ever resulted from the theft.”