This week, a California appellate court dismissed a lawsuit against the Sacramento, Calif.-based Sutter Health, for a data breach that occurred in 2011.
In 2011, a desktop computer was stolen from Sutter's South Natomas office and the data of four million patients was breached. The California court ruled that because the perpetrators had not viewed patients' personal health data, the health system wasn't liable for civil damages. The plaintiffs alleged that the system violated California’s Confidentiality of Medical Information Act and was seeking $1,000 per patient. The total could have been up to $4 billion in damages, according to The Sacramento Bee.
At first, Sacramento Superior Court didn't throw out the complaint, saying that their complaints were sufficient without the unauthorized access. However, judges from the 3rd District Court of Appeal said the access was necessary. According to KFBK, the plaintiffs will take it to the state's highest court.
This is the second time in as many months where a provider has been let off the hook for damages after a data breach. In June, the California Court of Appeals ruled in favor of Eisenhower Medical Center in Rancho Mirage, Calif., saying that the 524-bed, community hospital is not liable for releasing personal identifying information on patients if that information doesn't include medical history, mental or physical condition, or treatment.