Federal Court holds nonprofit health center is immune from data breach class action
Daniel Rockey of Bryan Cave Leighton Paisner writes:
In a case of first impression, the United States District Court for the Southern District of California granted the motion of Defendant Neighborhood Healthcare seeking order compelling the United States to defend a putative class action lawsuit alleging that Neighborhood failed to ensure the confidentiality of her electronic health records in connection with a ransomware attack on Neighborhood’s data hosting provider, in violation of the Confidentiality of Medical Information Act.
Neighborhood’s attorneys at BCLP removed the case to federal court under 42 U.S.C. § 233(l), a provision of the Federally Supported Health Center Assistance Act (“FSHCAA”) by which Congress determined that federal nonprofit grant recipients may apply to be “deemed” an employee of the Public Health Service for purposes of the Federal Tort Claims Act (“FTCA”). The FSHCAA provides that the sole remedy for plaintiffs alleging “damage for personal injury, including death, resulting from the performance of medical, surgical, dental, or related functions,” is a claim against the US under the FTCA.
Read more at JDSupra.
I’m going to need to read this one a few times to begin to understand it.
After some digging, I found that the case is Doe v. Neighborhood Healthcare et al., Southern District of California (San Diego), 3:21-cv-01587-BEN-RBB. The motion for substitution can be found on RECAP, here. The order granting the motion for substitution can be found on RECAP, here.