A number of other class actions have been filed about the data breach at Lincare, Inc., which this complaint claims provides “high-quality, at-home respiratory care, INR testing, enteral services, and home medical supplies throughout the country.” This California class action centers on that state’s Confidentiality of Medical Information Act (CMIA) and the right of people to keep their personal medical information private.
The class for this action is all citizens of California who were patients of Lincare on or before September 10, 2021, and who received notices from Lincare that their information was compromised in the data breach.
Given Lincare’s business, the complaint alleges, it collects “a significant amount of sensitive data from current and former patients…”
The data breach was discovered or around September 26, 2021, the complaint alleges, with the unauthorized access blocked by September 29. Lincare sent out the notice only many months later, on or around June 21, 2022, the complaint says, revealing that the information exposed included name, medical information, and medical treatment information, for example, provider, dates, diagnosis or procedure, and account or record numbers.
The complaint also alleges, “It is apparent from [Lincare’s] Notice that the Personal and Medical information contained within the server was not encrypted or was inadequately protected.”
Under the CMIA, persons who receive healthcare services and who provide information to healthcare entities have the right to keep that information confidential. According to the CMIA, “a provider of health care, healthcare service plan, or contractor shall not disclose medical information regarding a patient of the provider of health care or an enrollee or subscriber of a health care service plan without first obtaining an authorization…”
The act also provides that when one of these entities, or a pharmaceutical company, “creates, maintains, preserves, stores, abandons, destroys, or disposes of medical records” they must “do so in a manner that preserves the confidentiality of the information…”
Finally, the complaint quotes the CMIA as saying that individuals may “bring an action against any person or entity who has negligently released confidential information or records” and may ask for nominal damages of $1,000 or the amount of the actual damages sustained. The CMIA specifies that, in order to recover the $1,000 penalty, “it shall not be necessary that the plaintiff suffered or was threatened with actual damages.”
Lincare also has the obligation to keep health information confidential under the Health Insurance Portability and Accountability Act (HIPAA). The complaint cites, in particular, HIPAA’s “Standards for Privacy of Individually Identifiable Health Information” and “Security Standards for the Protection of Electronic Protected Health Information.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Lincare Data Breach and California CMIA Law Complaint
August 19, 2022
A number of other class actions have been filed about the data breach at Lincare, Inc., which this complaint claims provides “high-quality, at-home respiratory care, INR testing, enteral services, and home medical supplies throughout the country.” This California class action centers on that state’s Confidentiality of Medical Information Act (CMIA) and the right of people to keep their personal medical information private.
Lincare Data Breach and California CMIA Law ComplaintCase Event History
Lincare Data Breach and California CMIA Law Complaint
August 19, 2022
A number of other class actions have been filed about the data breach at Lincare, Inc., which this complaint claims provides “high-quality, at-home respiratory care, INR testing, enteral services, and home medical supplies throughout the country.” This California class action centers on that state’s Confidentiality of Medical Information Act (CMIA) and the right of people to keep their personal medical information private.
Lincare Data Breach and California CMIA Law Complaint