Data Breaches - Medical Data

Data Breaches: A Constant Threat

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. As more and more of our personal information becomes accessible online, the risk of that information being lost or stolen through negligence or criminal activity grows every day. Recent breaches such as the 2017 Equifax breach, the 2015 Ashley Madison breach, and the 2018 Panera Bread data breach show that no company that stores personal information, whether it be a credit bureau, dating site, or restaurant, is immune from the risk. Protecting your personal information seems like an impossible task these days, but it is important to know that, in the aftermath of a data breach, you do have legal rights to pursue damages against those who were responsible for your private information.

Protecting Your Medical Data: The Confidentiality of Medical Information Act

The Confidentiality of Medical Information Act (CMIA) is a state law that adds to the federal protection of personal medical records under the Health Information Portability and Accountability Act (HIPAA). CMIA protects the confidentiality of individually identifiable medical information obtained by a health care provider and includes the following:

  • prohibits a health care provider, health care service plan, or contractor from disclosing medical information regarding a patient, enrollee, or subscriber without first obtaining an authorization, except as specified.
  • requires a health care provider, health care service plan, pharmaceutical company, or contractor who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical records to do so in a manner that preserves the confidentiality of the information contained within those records.

Any individual may bring an action against any person or entity that has negligently released confidential information or records, for either or both nominal damages of $1,000 and the amount of actual damages, if any, sustained by the patient. It shall not be necessary to prove that the plaintiff suffered or was threatened with actual damages to recover nominal damages.

The law defines “medical information” to mean any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health care service plan, pharmaceutical company, or contractor regarding a patient’s medical history, mental or physical condition, or treatment.

If you believe your medical information has been improperly handled, whether through a data breach or the negligence of a medical provider, Kazerouni Law Group will be happy to meet with you, free of cost, to discuss your legal rights.


Contact Kazerouni Law Group ∙ Free Case Evaluations

We do not charge for case evaluations. Talk over your situation with an experienced lawyer from our firm free of charge. Call 800-400-6808 or contact us online today.
