BCLP wins case of first impression for nonprofit health center in data breach class action

In a case of first impression, BCLP’s Class Action Team obtained a ruling from a federal court which advances a novel legal theory – that nonprofit, federally supported health centers are immune from suit for data breach class actions under the Federally Supported Health Center Assistance Act (FSHCAA). The decision has enormous implications for nonprofit health centers nationwide.

The United States District Court for the Southern District of California held that BCLP client Neighborhood Healthcare was immune from suit in a putative class action alleging violations of California’s Confidentiality of Medical Information Act (CMIA). Plaintiff Jane Doe alleged that Neighborhood failed to adequately safeguard her electronic patient health records in connection with a highly publicized ransomware attack on Neighborhood’s data hosting provider.

BCLP advanced the novel theory that maintaining and securing confidential electronic patient health records is an essential part of providing effective health care and is required under federal regulations, and is therefore a “related function” for purposes of the FSHCAA. Based on this court decision, nonprofit health care providers should carefully consider whether to seek deeming status, the purchase of cyber-insurance, and how best to respond in the event of a breach involving patient health records.

Partner Daniel Rockey, co-leader of the firm’s Data Privacy, Telecommunications & Collections Class Action Team, led this work for client Neighborhood Healthcare, with support from LaDawn Burnett. The matter is the subject of a recent client alert – read the full text here.