Health breach lawsuit dismissals could prove relevant to similar cases

An appellate court's decision to uphold a pair of class-action lawsuit dismissals related to a 2013 hospital data breach could prove relevant to similar current lawsuits, according to a HealthcareInfoSecurity article.

The lawsuits, brought by individuals impacted by a 2013 incident in which four unencrypted laptop computers were stolen from Park Ridge, Illinois-based Advocate Medical Group, alleged that parent company Advocate Health and Hospitals Corp. was in violation of the Fair Credit Reporting Act. The theft compromised personal information for more than four million patients--including names, addresses, Social Security numbers and birthdates--but not medical records or personal financial information. 

The lawsuits initially were dismissed this past May and July, respectively, according to HealthcareInfoSecurity. Then, earlier this month, an appellate court upheld the rulings, although a hearing to reconsider the May ruling is scheduled for early September. The judge called the allegation that plaintiffs were harmed because of the breach "speculative."

Attorney Brad Rostolsky of Philadelphia-based firm Reed Smith told HealthcareInfoSecurity the ruling could mean that courts don't want to apply the Fair Credit Reporting Act to such cases. The case was dismissed, he said, primarily "because Advocate was determined not to meet the definition of 'consumer reporting agency.'"

Class-action lawsuits have been filed in several recent data breach cases. For instance, UCLA Health faces a pair of lawsuits following a breach announced last month in which personal and medical information for as many as 4.5 million patients may have been compromised. One of the lawsuits accuses the health system of fraud, invasion of privacy, breach of contract, negligence and a violation of California laws such as the Confidentiality of Medical Information Act.

And five class-action lawsuits have been filed against Mountlake Terrace, Washington-based health insurer Premera following the announcement of a cyberattack that compromised information for roughly 11 million customers.

In April, a judge dismissed a class-action lawsuit against Horizon Blue Cross Blue Shield of New Jersey stemming from a 2013 data breach in which laptops of Horizon members were stolen. Meanwhile last fall, two class-action lawsuits against a pair of hospitals that suffered breaches were dismissed in California.

To learn more:
- read the HealthcareInfoSecurity article