Local: (805)-371-3680 | Toll Free: (800) 240-CHIV
Sources: HealthData Management, The Advisory Board Company, and Business Insurance
An appellate court in California has ruled that Rancho Mirage-based Eisenhower Medical Center (EMC) is not liable for a data breach involving the private information of more than half a million patients.
Background on the breach
In March 2011, a computer containing an index of more than 500,000 patients was stolen from EMC. Data on the computer included patients’:
- Ages;
- Dates of birth;
- Last four digits of Social Security numbers;
- Medical record numbers; and
- Names.
A class-action lawsuit was filed against the center alleging that it violated the state’s Confidentiality of Medical Information Act. It sought $1,000 for each patient whose data were compromised by the breach.
EMC filed for appeal with the state’s Fourth Appellate Court after the Superior Court of Riverside County rejected the hospital’s request for summary judgment that the breach did not result in the disclosure of medical data.
Details of the appeals court ruling
The three-judge panel last week ruled that EMC is not liable for the breach because the patient data involved did not contain more complete information about patients’ medical histories.
According to the ruling, “Plaintiffs primarily argued that the mere fact that a person’s name is on the index reveals that he or she was a patient and, thus, there has been a release of medical history.”
However, the judges ruled that “a prohibited release by a health care provider must include more than individually identifiable information but must also include information relating to medical history, mental or physician condition, or treatment of the individual.”
The case now will return to the lower court in Riverside County for consideration (Goedert, Health Data Management, 5/23; Kenealy, Business Insurance, 5/23).
To make sure you have proper coverage, contact Chivaroli & Associates.
