As the large-scale health care data breaches disclosed in the last year suggest, the health care industry is both a vulnerable and attractive target to these hackers.

Stolen patient data includes names, birth dates, policy numbers, diagnosis codes and billing information, which are then used by criminals to commit medical fraud.

The successful hacking of health care entities’ data storage systems has spawned class action lawsuits across the nation. Such lawsuits typically assert claims for negligence, violations of individual state consumer protection statutes, violations of individual state data-breach notification statutes, breach of contract, and unjust enrichment. Most, if not all, of these lawsuits are subject to the Class Action Fairness Act of 2005.

The most significant impact has been the imposition and interpretation of the constitutional requirement that a plaintiff have Article III standing. In 2013, the U.S. Supreme Court appeared to espouse a more stringent view of Article III standing in Clapper v. Amnesty Int’l. In interpreting the requirement that the injury complained of must be “concrete, particularized, and actual or imminent,” the court noted that an injury that has not yet manifested must be “certainly impending to constitute an injury in fact” capable of conferring Article III standing. Allegations of a possible future injury, however, would not be sufficient to confer standing and would require dismissal of the plaintiff’s claims.

Click here to read the full article.

June 25, 2015 by Paula Knippa, Texas Lawyer