Marisa Kendall reports:

It’s time for the state’s highest court to determine when to hold a medical care provider liable for compromised patient data, according to plaintiffs lawyers who lost a privacy case against Sutter Medical Foundation this summer.

The lawyers argue state appellate courts are at odds over whether the theft of patient records from a health care provider constitutes a violation of California’s medical confidentiality act, even if there is no evidence to suggest anyone read the stolen data. The Second District Court of Appeal said “yes” last year in a case involving UCLA, they argue, but the Third District, ruling in July in Sutter Health v. Superior Court, concluded the patient privacy law had not been breached.

Attorneys for Sutter disagree:

Rather, they argue, the two courts agreed that a theft of confidential medical files isn’t sufficient basis for a lawsuit without proof that an unauthorized person viewed the information. “There is and was no question about the uniformity of decision in the two cases,” Sutter’s lawyers wrote. “Their respective conclusions are clear, straightforward, and not subject in any way to disagreement.”

Read more on The Recorder (Reg. required)