A class-action lawsuit was filed against Sutter Health in connection with the theft of a desk top computer that held personally identifiable data of nearly 4.3 million patients (
see related story).
The suit asks a California court to require Sutter to encrypt its data at rest and seeks $1,000 a person in damages for each member of the class of nearly 1 million people whose records were on the stolen office computer. The 10-page complaint filed in Sacramento Superior court names Karen Pardieck as the lead plaintiff and Sutter Health, Sutter Medical Foundation and Sutter Physician Services as defendants.
Pardieck received a letter dated Nov. 16 from Sutter Medical Foundation CEO Tom Blinn informing her of the breach, according to the complaint. The proposed class consists of “more than 944,000 Sutter patients” who received similar letters. Sutter disclosed in a Nov. 16 statement that the computer was stolen from an administrative office in Sacramento the weekend of Oct. 15. The lawsuit contends that Sutter failed to properly secure the medical information in violation of the California Confidentiality of Medical Information Act.
It specifically alleges that “Sutter is and was negligent by failing to store its patients' medical information in an encrypted form” and “unreasonably delayed” its notification for at least 30 days in violation of state law. Sutter Communications Director Karen Garner said in an e-mail that Sutter hadn't reviewed the complaint and couldn't comment on pending litigation. “I do want to reiterate that we take our responsibility of providing quality care very seriously, and that includes protecting our patients' personal and medical information.”
