Antitrust and Consumer Protection
Competition: Spring 2015, Vol. 24, No. 1
Content
- California Antitrust and Unfair Competition Law and Federal and State Procedural Law Developments
- Chair's Column
- Editor's Note
- How Viable Is the Prospect of Enforcement of Privacy Rights In the Age of Big Data? An Overview of Trends and Developments In Consumer Privacy Class Actions
- Keynote Address: a Conversation With the Honorable Kathryn Mickle Werdegar, Justice of the California Supreme Court
- Major League Baseball Is Exempt From the Antitrust Laws - Like It or Not: the "Unrealistic," "Inconsistent," and "Illogical" Antitrust Exemption For Baseball That Just Won't Go Away.
- Masthead
- Nowhere To Run, Nowhere To Hide: In the Age of Big Data Is Data Security Possible and Can the Enforcement Agencies and Private Litigation Ensure Your Online Information Remains Safe and Private? a Roundtable
- Restoring Balance In the Test For Exclusionary Conduct
- St. Alphonsus Medical Center-nampa and Ftc V St. Luke's Health System Ltd.: a Panel Discussion On This Big Stakes Trial
- St. Alphonsus Medical Center - Nampa, Inc., Et Al. and Federal Trade Commission, Et Al. V St. Luke's Health System, Ltd., and Saltzer Medical Group, P.a.: a Physicians' Practice Group Merger's Journey Through Salutary Health-related Goals, Irreparable Harm, Self-inflicted Wounds, and the Remedy of Divestiture
- The Baseball Exemption: An Anomaly Whose Time Has Run
- The Continuing Violations Doctrine: Limitation In Name Only, or a Resuscitation of the Clayton Act's Statute of Limitations?
- The State of Data-breach Litigation and Enforcement: Before the 2013 Mega Breaches and Beyond
- The United States V. Bazaarvoice Merger Trial: a Panel Discussion Including Insights From Trial Counsel
- United States V. Bazaarvoice: the Role of Customer Testimony In Clayton Act Merger Challenges
- The Doctor Is In, But Your Medical Information Is Out Trends In California Privacy Cases Relating To Release of Medical Information
THE DOCTOR IS IN, BUT YOUR MEDICAL INFORMATION IS OUT TRENDS IN CALIFORNIA PRIVACY CASES RELATING TO RELEASE OF MEDICAL INFORMATION
By Joseph R. Tiffany II, Connie J. Wolfe, Ph.D. and Allen Briskin1
Privacy breaches continue to be big news. In California, breaches of health care information are particularly sensitive, due to a number of state laws that provide legal remedies not available in other jurisdictions. While California’s Civil Code sections 1798.29, 1798.82 and its Unfair Competition Law ("UCL")2 are often relied on to remedy breaches of privacy, California also has the Confidentiality of Medical Information Act ("CMIA"),3 providing that an individual may recover $1,000 in nominal damages (plus actual damages if any) based on the negligent release of medical information by a health care provider or other covered party. As health care providers have moved toward the storage of medical data in large electronic databases containing information regarding many thousands of individuals, the potential number of people who may be affected by a single unauthorized release of medical information and the accompanying potential liability have skyrocketed. Until the past two years, however, there was little published authority interpreting the CMIA’s definition of "medical information" or its prohibition on the "release" of such information. California courts have now provided guidance on these two critical issues affecting the potential liability of providers and others who sustain health care data breaches.
I. SCOPE OF THE CMIA
The CMIA, enacted in 1981 and since amended several times, obligates any "provider of health care, health care service plan, pharmaceutical company or contractor" to maintain "medical information . . . in a manner that preserves the confidentiality of the information contained therein."4 "Contractors" under the CMIA include medical groups, independent practice associations, certain pharmaceutical benefits managers and medical service organizations. The CMIA has recently been broadened to cover businesses that are "organized for the purpose of maintaining medical information" and "any business that offers software or hardware to consumers, including a mobile application or other related device that is designed to maintain medical information" (e.g., personal health record vendors), even though such entities are excluded from the definition of "provider of health care for purposes of any law other than this part, [section 56.06]."5