http://healthitsecurity.com/2014/01/06/omnicell-data-breach-suit-dismissal-healthcare-ramifications/
By Patrick Ouellette
healthitsecurity.com
January 6, 2014
A lawsuit against Omnicell stemming from a 2012 health data breach was
recently dismissed, in part, because the plaintiff failed to prove damages
related to the breach. The interesting part of the dismissal, however, was
that there were four separate defendants that were involved that used
different defenses. Omnicell served as a business associate (BA) for
Sentara Healthcare, South Jersey Health System, Inc., (now Inspira Health
Network, Inc.) and the Board of Regents of the University of Michigan when
laptop with some of their unencrypted PHI had been stolen from an
employee’s car in 2012.
Read the dismissal decision here.
In dismissing the case, the court provided a strong reminder that suing
for damages in a private cause of action related to a data breach puts a
heavy burden of proof on plaintiffs to show that (1) the healthcare
organizations were at fault for the breach and (2) the damages were a
direct result of the breach. Because there were four defendants and the
courts divided the case into the four defenses that each group of
defendants offered, HealthITSecurity.com spoke with Randy Gainer, partner
in the Seattle office of Davis Wright Tremaine. Gainer was able to
successfully move to dismiss the putative class action claims against
South Jersey Hospital, now known as Inspira, but also discussed some of
the other defenses raised in the lawsuit.
First, claims against hospitals run by the University of Michigan were
dismissed on 11th Amendment grounds. “The court agreed with their argument
that the State of Michigan had not waived their sovereign immunity to be
subject to these types of claims, and the claims against the Michigan
hospitals were dismissed,” Gainer said. The court didn’t even have to
review the other defenses that Michigan had raised.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
