Skip to Main Content

HIPAA Complaint Seeks Class Action Status [Ober|Kaler]

Health Law Alert

A complaint filed in the Superior Court of California on March 14, 2014, requested certification as a class action and sought a wide variety of damages arising from a breach of personal information. Doe vs. Sutherland Health Care Solutions Inc.; County of Los Angeles, et al., No. BC 539436. According to the complaint, in some cases on the plaintiff’s “information and belief,” Sutherland is a billing company providing services for the Los Angeles County Department of Health Services and Department of Health. There are six separate causes of action, all arising under California statutory and common law. (HIPAA does not specify a private right of action for individuals.) The damages sought include not only the cost of identity theft but also, among other things, damages for lower credit scores, time spent rectifying credit problems, purchasing a home security service and for “fear, anxiety and stress.” The allegations are that an unencrypted lap top containing information of “hundreds of thousands” of individuals was stolen from Sutherland. No response to the complaint has been filed as of the date of this publication. In general, however, two things are particularly interesting about the complaint. The first is that the plaintiff seeks to have it brought as a class action. Under the California requirements cited in the complaint, the matter could go forward as a class action because (i) the defendants are so numerous that joining them as individuals is impracticable; (ii) common questions of law and fact will be the predominant issues in the case; (iii) the designated plaintiff will fairly and adequately represent all members of the class; (iv) a class action is a superior means of obtaining a fair and efficient adjudication of the matter; and (v) information available from the defendants will allow notice to members of the class to be notified of the class action. The complaint is also interesting because both the County (the client) and Sutherland (the contractor) are alleged to be liable, based in large part on the Sutherland’s alleged lack of encryption of the stolen laptop. The complaint states several theories of joint liability.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept