California Supreme Court Upholds Dismissal of Massive Data Breach Case

October 15, 2014

The California Supreme Court issued an Order denying plaintiffs’ Petition for Review, thus allowing the California Third District Court of Appeal’s landmark decision in Sutter Health v. Superior Court, No. C072591 (July 21, 2014) to stand with finality, ending 3 years of litigation against the firm’s client Sutter Health.  Rob Bunzel, Mike Abraham, Bill Edlund, Simon Goodfellow and Zaneta Butscher successfully represented Sutter.  View PDF copy of Sutter’s prevailing brief in the Supreme Court filed September 29, 2014 arguing against further review.  View a PDF copy of the October 15, 2014 Order.  Thirteen consolidated cases that are now dismissed had alleged violations of the California Confidentiality of Medical Information Act, following an October 2011 theft from a Sutter Health Sacramento administrative building of a password-protected computer containing data for 4 million patients.  The Confidentiality Act, also known as CMIA, presents nominal damages risk by statute of $1,000 per patient.  The class plaintiffs argued Sutter Health could have done more to safeguard the data, and that its “release” was sufficient to state a claim. In 2012 the Court of Appeal issued an extraordinary writ to review the trial court’s decision that had denied Sutter Health’s pleading challenges.  Very few such writs are ever entertained.  The Court of Appeal in July 2014, now upheld by the state Supreme Court, ruled: “plaintiffs have failed to state a cause of action under the Confidentiality Act because they do not allege that the stolen medical information was actually viewed by an unauthorized person.”  The firm is proud to have been of assistance to Sutter Health in this matter.