July 23, 2014
Area(s) of Interest: Electronic Health Records Patient Privacy
The Court of Appeal issued a published opinion this week in the case of Sutter Health v. Superior Court limiting the application of the nominal damages provision under the Confidentiality of Medical Information Act (CMIA). The court concluded that under the CMIA a breach of confidentiality by a health care provider must include more than the possession of medical records by an unauthorized person, but must also include an unauthorized viewing of the information for the patient to recover nominal damages under the CMIA.
In this case, a Sutter Health computer containing medical records of 4 million patients was stolen. The medical records were stored on the computer’s hard drive in a password-protected but unencrypted format.
The plaintiffs filed a class action lawsuit under the CMIA for Sutter Health’s breach of confidentiality of their medical records and sought $1,000 in nominal damages for each individual.
Sutter Health argued that the stolen medical records did not constitute a breach of confidentiality because there were no allegations that any unauthorized person viewed the stolen information. The trial court disagreed and held that a breach under the CMIA may occur “without alleging that an unauthorized person had viewed the medical information.”
The Court of Appeal, however, overturned the trial court's decision and ordered that the action be dismissed. The court held that in order for the plaintiffs to recover nominal damages under the CMIA, an unauthorized person must have viewed the medical information to constitute a breach of confidentiality.
This is the third court decision at the appellate level in the past two years dealing with nominal damages under the CMIA. In the fall of 2013 and spring of 2014, two courts limited the application of nominal damages in class action lawsuits in the cases of Eisenhower Medical Center v. Superior Court and Regents of the University of California v. Platter.
The California Medical Association (CMA) filed an amicus brief for Platter and argued that the broad application of the CMIA’s nominal damages provision puts California physicians at risk for devastating lawsuits that can increase the cost of health care and ultimately create barriers to patient access to care. Broad application of the provision would allow for exorbitant damages that can be disproportionate to the underlying violation by the defendants or the actual harm suffered by the plaintiffs and could have a dire financial impact on health care providers, directly undermining the viability of their practice and their ability to provide medical care. CMA believes that CMIA’s provisions should be applied in a way that balances the protection of privacy of patient medical information without placing excessive burdens on health care providers.
For a copy of the Sutter Health.
Contact: CMA Center for Legal Affairs, (800) 786-4262 or firstname.lastname@example.org.