The case arose out of the theft of a health care provider’s computer. The medical records of more than four million patients were stored on the computer’s hard drive in password-protected but unencrypted format, and the office from which the computer was taken did not have a security alarm or security cameras. (Slip opn., p. 4.) Plaintiffs filed an action under the CMIA seeking to represent, in a class action, all of the patients whose records were stolen, with a potential award of $4 billion against the health care provider. (Id. at p. 3.) The health care provider demurred to the complaint on the ground that the complaint did not allege that any unauthorized person actually viewed the stolen records. The trial court overruled the demurrer. (Id. at p. 5.)
The Court of Appeal granted the defendant’s petition for a peremptory writ of mandate and directed the trial court to sustain the defendant’s demurrer without leave to amend and to dismiss the action. (Slip opn., p. 14.) The court held that, “[the] legislation at issue is the ‘Confidentiality of Medical Information Act,’ not the Possession of Medical Information Act. . . . While loss of possession may result in breach of confidentiality, loss of possession does not necessarily result in a breach of confidentiality. For that reason, a plaintiff must allege a breach of confidentiality, not just a loss of possession, to state a cause of action for nominal or actual damages under sections 56.101.” (Id. at p. 12.)
Each of the firm's offices include partners, associates and a professional staff dedicated to meeting the challenge of providing the firm's clients with extraordinary service.