One of the larger breaches in 2014 involved a Los Angeles County contractor, Sutherland Healthcare Solutions. The theft of some of their computer equipment with unencrypted patient identity and clinical information was disclosed in March 2014, and within days, a potential class action lawsuit had been filed. The breach impacted approximately 3420,000 patients of the Los Angeles County departments of Health Services and Public Health as well as patients at City of Hope Hospital and San Francisco General Hospital and Trauma Center.
But as we’ve seen in other California cases involving Eisenhower Medical Center, Alere Home Monitoring, and Sutter Health, simply demonstrating a breach involving confidential information occurred is not enough for patients to prevail in any lawsuit under the state’s Confidentiality of Medical Information Act. The courts have held that the plaintiffs need to demonstrate that at the very least, the data were actually exposed to others (i.e., viewed by others), and not just stolen.
So it should come as no surprise that on Friday, a judge indicated she would dismiss the lawsuit against Los Angeles County and Sutherland if the plaintiffs can’t demonstrate that the medical information was actually exposed.
Law360 has the story, but you’ll need a subscription to access it.
Note that this case appears to still be open on HHS’s breach tool, although for some reason, the number affected is reported as 55,900.