California Court of Appeals has ruled in favor of Eisenhower Medical Center in Rancho Mirage, Calif., saying that the 524-bed, community hospital is not liable for releasing personal identifying information on patients if that information doesn't include medical history, mental or physical condition, or treatment.
The court said that the healthcare provider organization is not liable under the California’s Confidentiality of Medical Information Act (CMIA) because that medical data was not released. The CMIA says its unlawful when a provider releases a patient's medical data without obtaining prior authorization, and defines medical data as individual identifiable information on a patient’s medical history, mental or physical condition, or treatment.
The original suit, from the Superior Court of Riverside County on behalf of patients, argued that Eisenhower broke the law in accordance with the CMIA when a computer with information about over 500,000 patients was stolen in 2011. The information included person’s name, medical record number, age, date of birth, and last four digits of the person’s Social Security number. Eisenhower Medical countered by saying that they didn't disclose medical information as defined in the CMIA. The court agreed with Eisenhower Medical.
