Increased Risk of Harm Not Grounds For Advocate Health Breach Lawsuit
An Advocate Health breach lawsuit was recently deemed to be too speculative to warrant a class-action claim for damages. The Illinois Appellate Court recently ruled that an increased risk of suffering harm as a result of an exposure of confidential health data is insufficient by itself to confer standing in a class-action data breach claim. The risk of harm was not deemed to be severe enough to warrant a data breach class action lawsuit. For damages to be awarded, evidence of actual harm must be provided.
The case, Maglio v. Advocate Health and Hospitals Corporation, was filed by Matias Maglio on behalf of Macailee Maglio, Alexander Gill, and a number of other patients and next friends of minors affected by the breach. The plaintiffs allege they face an increased risk of suffering identity theft and fraud as a result of the exposure of their Protected Health Information (PHI). No identity theft had yet been reported or been suffered by any of the patients named in the lawsuit. The threat of fraud and loss was believed to be sufficient grounds for the complaint.
The defendants moved to dismiss the case, maintaining the theft of data was not sufficient grounds for any claim for damages, and said the complaint was simply too speculative in nature with no cognizable injury-in-fact suffered by any of the plaintiffs.
The trial court dismissed the case and now too the Illinois Appellate Court. Because there has been no palpable injury suffered by the breach victims, the case was deemed to have no standing. Emotional injury was also claimed to have been suffered by the plaintiffs as a result of the data theft, but the same conclusion was drawn by the court and the emotional damage claim was also considered to be too speculative in nature.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Recent Rulings Have Been in Favor of Plaintiffs
While the Illinois state courts may not be ruling in favor of plaintiffs who file class actions without having suffered fraud, had their identity stolen or otherwise suffered measurable losses, the same is not the case in other U.S states. In recent weeks a number of court decisions have gone in favor of plaintiffs, even without injuries having been suffered as a direct result of PHI exposure.
However, the recent ruling is unlikely to stem the tide of class-action lawsuits that are being filed for breaches of healthcare data and Social Security numbers. With another two multi-million record data breaches reported in recent weeks, more lawsuits than ever are expected to be filed by breach victims seeking damages.
Class action claims for healthcare data breaches may be threatening to swamp the U.S. court system, but the Illinois state courts may feel the burden ease. It is probable that class-action data breach lawsuits will be filed in more favorable states over the coming few months in light of the recent ruling.
