The Increasing Risk of Class Action Litigation from Healthcare Data Breaches

Posted May 15, 2012, 3:48 pm by Jorge Flores


In this digital age, privacy is seemingly becoming more of a distant ideal than a reality. The “digitization” of important information and records, while creating efficiencies and improving data flow, has also exponentially increased the privacy risks associated with this data. This has especially been the case in the healthcare industry. Data breaches involving healthcare information, or originating from healthcare facilities, are drastically on the rise. This year we have already seen dozens of data breaches stemming from the healthcare industry. These breaches have exposed over half a million records to potential criminals and data thieves in 2012 alone. Even more shocking is that an estimated 18 million confidential patient records have been breached in just the past two years!

Cyber criminals aren’t the only ones benefitting from these data breaches. Data breach mitigation is a potentially billion-dollar industry for law firms, and they have been acting swiftly to try to cash in on this seemingly perfect storm of criminal mischief and medical provider negligence. Class action lawsuits have been the vehicle of choice as of late, and there are a number of high-profile pending cases that will surely set precedent in these untested legal waters.

California, for example, has a unique state law called the Confidentiality of Medical Information Act (CMIA) that was passed in 1981. Logically enough, it states that a patient’s information must be kept confidential. The law provides for damages of $1,000 per person per violation of the CMIA. To put this into perspective with the scale of the breaches going on today, let’s go over a couple of pending cases.

  • St. Joseph’s Health System is currently facing a class action breach case. The complaint stems from an incident in which the hospital allowed private patient data to be searchable online and indexed by Google for a period of about seven months. This data included full patient names, BMI, smoking status, blood pressure, lab results, diagnoses, allergies, demographic info, race, gender, date of birth, and so on for 31,800 patients. The plaintiff firm is seeking damages of $1,000 per record in accordance with the CMIA. If successful, St. Joseph’s could be on the hook for $31.8 million.
  • Sutter Health, a hospital system in Northern California, is facing a class action case of dramatic proportions. This suit stems from an incident in which a thief threw a rock through a window and stole a desktop computer with the unencrypted medical information of 4.24 million people. The hospital was in the process of encrypting all of its computer systems, with the emphasis on mobile devices first. The plaintiff firm is again seeking damages of $1,000 per record under the CMIA which, if successful, would equate to a $4.5 billion payout from Sutter.

These are two examples of high-profile cases that will shape the legal environment of healthcare information privacy litigation. As you can see from their differing origins, it doesn’t matter if you are hacked, physically broken into, or lose some type of patient information on a mobile device. The door for class action suits and devastating settlements is quickly being blown open. That is why it is more important than ever to make sure that your sensitive patient information is secure. If you are unsure how to do this, consider having a managed service provider take charge of your information security and sensitive data flow. You will be investing in your company’s security. In this information age, it only takes one person and a few minutes to potentially clear out your patient database and leave you with nothing but a multi-million dollar lawsuit.


Filed under: Healthcare
Edited January 12, 2018 by Glenn