Sutter Health v. Super. Ct. of Sacramento County (Summary)

PATIENT CONFIDENTIALITY

Sutter Health v. Super. Ct. of Sacramento County
C072591 (Cal. Ct. App. July 21, 2014)

The California Court of Appeal dismissed a class action lawsuit against a health care provider for an alleged breach of confidentiality. A thief broke into a Sutter Health office and stole a computer which contained medical records of about four million patients. A class action was brought against Sutter by the patients whose records were stolen, claiming a breach of the California Confidentiality of Medical Information Act, Cal. Civ. Code §56 et seq. The Act provides for nominal damages of $1,000 per patient.

The appellate court dismissed the class action because the patients did not allege that their medical information was actually viewed by any unauthorized person. The court reasoned that the mere possession of the medical records by an unauthorized person was insufficient to establish a breach of confidentiality if the unauthorized person has not viewed the records. Here, the patients could not establish that there was a breach because the stolen records were password protected and they did not know if the records were actually ever viewed.