[BreachExchange] Data Breach Class Action Against Health Plans Rejected

[Audrey McNeil]

http://www.thelegalintelligencer.com/id=1202756260059/Data-Breach-Class-Action-Against-Health-Plans-Rejected?slreturn=20160328163231

The Pennsylvania Superior Court has once again thwarted a proposed class
action lawsuit against two health plans over the loss of a flash drive with
nearly 300,000 patients’ data, in part relying on a ruling that came down
between the plaintiffs’ first and second attempts to certify the class.

When a prior Superior Court panel ruled on the case of Baum v. Keystone
Mercy Health Plan, it remanded the case back to the Philadelphia trial
court after determining the lower court mistakenly found the plaintiffs had
to show reliance on the health plans’ privacy promises to prove a claim for
deceptive practices under the Uniform Trade Practices and Consumer
Protection Law. The Superior Court said only the UTPCPL’s fraud provisions
required proof of reliance, not the deceptive practices provision. It asked
the trial court to review the plaintiff’s motion to certify the class on
that claim, the merits of which the trial court hadn’t previously tackled.

The Philadelphia trial court ultimately ruled against plaintiff Avrum
Baum’s class certification motion on remand, finding he couldn’t show his
daughter’s data that was lost included personally identifiable information.
The court also found Baum didn’t have standing to bring a private cause of
action under the UTPCPL because he did not purchase his daughter’s
insurance policy, but rather it was paid for through Medicaid.

But before the Philadelphia trial court issued that ruling, a panel of the
Superior Court had ruled in 2015 in the case of Kern v. Lehigh Valley
Hospital. In that case, the court rejected the concept that it espoused in
the first Baum decision, finding instead that justifiable reliance is
required on claims of deceptive practices under the UTPCPL.

In its April 26 opinion in Baum, Judge Correale F. Stevens reiterated that
the first Baum court ruled the trial court appropriately dismissed the
UTPCPL fraudulent practices claim.

“In light of Kern, and upon review of the trial court’s additional findings
of fact and conclusions of law on remand, we further find the trial court
did not abuse its discretion in denying [Baum’s] motion to certify the
class to the extent it alleged deceptive conduct under the UTPCPL’s
catchall provision,” Stevens said.

Under Kern, Stevens said, Baum had to demonstrate that he and all the
prospective class members justifiably relied on the health plans’ alleged
violations of the UTPCPL and that they suffered an ascertainable loss as a
result. Having to demonstrate reliance is an individual inquiry that makes
class certification impractical, the court found.

Even though the trial court had improperly found Baum met the commonality
requirement given its then working assumption that reliance didn’t have to
be proved, Stevens noted that the lower court properly used its discretion
in denying class certification under other factors, such as numerosity and
typicality, adequacy of representation and the fair and efficient method of
adjudication.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160428/09c5f6a1/attachment.html>