Lawsuits Filed Over Theft of County Patients' Health Info

LOS ANGELES—With all the discussion over whether AB 1576 will properly protect adult performers' medical information from the would-be prying eyes of state and/or county health officials, perhaps it would be instructive to consider the case of Sutherland Healthcare Solutions, which "handles billing and collections for the county's Department of Health Services and Department of Public Health," according to a Los Angeles Times article. Seems Sutherland was burglarized on February 5 and eight computers containing the personal information, including medical, of more than 342,000 patients was on them. Sutherland's offered a $25,000 reward for information leading to the return of the stolen computers and/or the arrest and conviction of the thieves ... but that didn't stop two Los Angeles law firms from filing a class-action suit against the company over its apparently lax security. The suit charges that Sutherland didn't properly encrypt the data stored on the computers, that it failed to notify patients timely of the theft, and that it failed to take sufficient steps to ameliorate the damage done by the records' loss. "The lawsuit seeks to require the company and Los Angeles County to pay for additional credit monitoring and credit repair services, identity theft insurance, home security systems and other costs for the patients whose data was taken," Times reporter Abby Sewell wrote. "It also asks the court to order the county to require more stringent procedures to protect private and confidential data in future contracts." In response to the suit, as well as two other suits filed subsequently, county supervisors voted yesterday to require that all county departments' computer workstations be encrypted, as all county workers' laptops are already required to be. "They also asked that county staff members develop a plan to require 'all County-contracted agencies that exchange personally identifiable information and protected health information data with the County' to encrypt sensitive information on their computers as a condition of their contracts," Sewell wrote in a follow-up article. Obviously, few outside county government know just what data was contained on the stolen computers' hard drives, but it's no secret that the county has an active HIV treatment program, and that it keeps track of sexually-transmitted infections as part of its regular business. Moreover, it is not known whether any adult performers' records are among the stolen information ... but it might give some of them pause to consider how believable the state's promises of medical privacy surrounding their testing regimens will be if AB 1576 goes into effect.