Surge in Medical Record Breach Cases Raise Standard of Care Questions

“There has been a surge of litigation in recent years surrounding unauthorized releases of data in electronic health records. Many of those lawsuits center upon whether the healthcare provider storing the data was negligent,” writes Munger, Tolles & Olson’s Bryan H. Heckenlively in an article in the Winter 2016 edition of Trial Evidence published on Feb. 17, 2016 by the American Bar Association Section of Litigation.

In “Using Evidence of Industry Standard in Medical Record Breach Cases,” Mr. Heckenlively argues that the standard of care applied to healthcare providers facing professional negligence claims should also apply when healthcare providers face negligence claims for medical data breaches.

The standard of care in a negligence claim against a healthcare provider is whether the professional acted with the care expected of a reasonably careful provider acting under similar circumstances. Increasingly, doctors and hospitals must collect sensitive data about their patients in order to provide care. “As a result, securing the data is within the scope of the services provided by the healthcare provider, and the provider’s care in securing the data should be judged by the same standard as would be its care in providing services,” he writes.

Mr. Heckenlively continues the article by explaining how, under that standard, expert testimony regarding data security best practices in the healthcare industry could be used to defend providers at trial or defeat claims on summary judgment. He concludes by noting that the same type of analysis would apply to other professionals facing negligence claims related to data security.

Mr. Heckenlively is a litigator whose practice focuses on complex civil litigation, with a particular emphasis on privacy and data security matters and class actions. Along with his Munger Tolles colleague Bradley S. Phillips, he recently obtained a jury verdict for The Regents of the University of California after the University of California, Los Angeles (UCLA) Health System was accused of breaching a woman’s medical privacy by negligently releasing her medical records.