2017-00221961-CL-MC

Louis Merrick, CDCR#P11802 vs. Yulanda Mynheir

Nature of Proceeding: Hearing on Demurrer to 1st Amended Complaint

Filed By: Ehlenbach, Martha

Oral argument on this matter will be heard on September 5, 2018.

The Clerk shall fax a copy of the tentative ruling to the litigation coordinator on or before August 29, 2018. The litigation coordinator shall provide the tentative ruling to plaintiffs. Appearance is required on September 5, 2018.

Plaintiff Merrick shall be available, by COURTCALL, to participate in oral argument on the continuance date.

Defendant Yulanda Mynhier and R. Stephen Tharatt M.D.’s Demurrer to the 1st amended complaint is unopposed, taken as a concession to the merits, and is sustained without leave to amend for failure to state facts sufficient to constitute a cause of action.

The Court previously sustained the demurrer to the Original Complaint, with leave to amend. The defects have not been cured.

Plaintiffs Merrick, Milton and Garner are state prisoners who are suing defendants Mynhier and Tharratt over an incident in which a laptop was stolen by an unidentified party that may have contained their confidential medical information. Defendant Mynhier was the Director of Healthcare Policy and Administration employed by the California Correctional Health Care Services (CCHSC) and Defendant Tharratt was the Director of Health Care Operations for CCHCS. This is but one of a series of cases encountered by the Court on similar facts. Plaintiffs raise claims under the Confidentiality of Medical Information Act (Civ. Code, § 56 et seq.), violation of the

federal Electronic Communications Privacy Act (ECPA), breach of fiduciary duty, and in negligence. In May 2016 CCHCS sent out a “Data Breach Notification” to inmates including Plaintiffs, informing them

of a potential breach of their personal information when an unencrypted laptop was stolen from the personal vehicle of an employee of CCHCS. Plaintiffs allege that their personal information was viewed by an unauthorized employee of CCHCS who was in possession of the laptop when it was stolen. The First Amended Complaint alleges causes of action for general negligence, violation of California’s Confidentiality of Medical Information Act, violation of the federal Electronic Communications Privacy Act (ECPA), and Breach of Fiduciary Duty. None of the plaintiffs allege any damages arising out of the alleged breach of their personal information.

In ruling on the demurrer to the Complaint, the Court ruled that Defendants have established that they are immune from suit for injuries caused by another individual’s actions. Moreover, plaintiffs had not alleged facts sufficient to state a negligence claim or for violation of the Confidentiality of Medical Information Act. Finally, the Court held that Government Code 19572 and the Code of California Regulations title 15 did not provide for a private right of action. (See Minute Order March 28, 2018)

Immunity

Under the California Government Claims Act, a public employee can only be liable for an act or omission that he or she commits; there is no individual liability for actions or omissions taken by third parties, including co-workers. (Govt. Code § 820.8; see Weaver v. State of California (1998) 63 Cal.App.4th 188, 202.)

The Amended Complaint, like the original complaint, is devoid of any allegations that Tharratt and Mynhier personally committed the alleged acts, either as far as misplacing the laptop, or in any other role that allegedly resulted in the

purported compromise of Plaintiffs’ personal medical information. Likewise, there are no facts alleged that Tharratt or Mynhier was ever in possession or control of Plaintiff’s personal information in any that would extend liability or responsibility to him for any legal violation pertaining to an unauthorized release of Plaintiff’s medical information. Therefore, under Gov. Code 820.8, Mynhier and Tharratt are immune from liability resulting from other CCHCS employees who allegedly failed to expunge the laptop. ( Weaver, supra, at 202.)

Negligence

Sustained without leave to amend for failure to state facts sufficient to constitute a cause of action. Negligence is defined as “[t]he want of such care as a person of ordinary prudence would exercise under the circumstances of the case, the omission to do something which a reasonable man guided by those considerations which ordinarily regulate the conduct of human affairs would

do, or doing something which a reasonable and prudent man would not do….” (Smith
v. Johnson (1957) 152 Cal.App.2d 20, 23.)

Plaintiffs Amended Complaint fails to allege that personal information was actually contained on the laptop when it was stolen. The exhibits to the complaint demonstrate that it is unknown whether plaintiffs’ personal information was on the laptop. (Complaint Ex. A2 and B2. Facts “appearing in exhibits attached to the Complaint will be accepted as true and , if contrary to the allegations in the complaint, will be given precedence. Dodd v Citizens Bank of Costa Mesa (1990) 222 Cal.App.3d at 1624, 1627. Therefore plaintiffs have not alleged whether there was any breach of duty.

Moreover, a general negligence cause of action requires a plaintiff to allege that a defendant: (1) owed plaintiff a legal duty; (2) breached that duty; and (3) the breach proximately caused injury. (Mintz v Blue Cross of California (2009) 172 CaI.App.4th 1594, 1609.) Plaintiffs allege defendants refused to provide

plaintiffs with the true names of the workforce member in which the unencrypted laptop was placed fails to state a negligence claim. Plaintiffs do not cite any case law or statutory authority supporting the imposition of a legal duty under these circumstances. Additionally, the exhibits attached to the complaint
do not indicate that Tharratt or Mynhier denied plaintiffs’ requests for information; rather, the exhibits denying the request were signed by an unidentified “Health Care Representative.” (Complaint, Ex. A8.)

Confidentiality Act

Sustained without leave to amend for failure to state facts sufficient to constitute a cause of action. Plaintiffs fail to allege any facts showing an actual unauthorized access occurred of his confidential information under the Confidentiality Act, which protects the confidentiality of patients’ medical information. Sutter Health v. Superior Court (2014) 227 Cal.App.4th 1546, 1550 .) The Act provides for an award of $1,000 in nominal damages if a health care provider negligently releases medical information or records in violation of the Confidentiality Act. (Civ. Code, § 56.36, subd. (b)(1).) Any healthcare provider who “negligently creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information” shall be subject to the penalties of section 56.36. (Civ. Code, § 56.101, subd. (a).) Liability only exists under § 56.36 where it is alleged that an unauthorized person viewed the confidential records. Sutter Health v Superior Court (2014) 227 Cal.App.4th 1546, 1558 .) No allegation has been made that plaintiff’s confidential medical information has actually been viewed or accessed after the theft of the laptop by moving defendants. Nor is there an allegation that there was a “release”; there is an allegation that the computer was stolen and that plaintiff’s medical information might have been on the drive. Therefore, plaintiffs’ allegations that “Mynhier and Tharratt, as directors, are directly responsible for the unauthorized review, release, theft, and usage of” plaintiffs’ personal information is conclusory and disregarded as contrary to law.

Electronic Communications Privacy Act

Sustained without leave to amend for failure to state facts sufficient to constitute a cause of action.

The ECPA is intended to protect data submitted in electronic, oral, and wire communications. (In re Pharmatrak, Inc. (1st Cir. 2003) 329 F.3d 9, 18.) It prohibits individuals and entities from “intentionally” intercepting wire, oral, or electronic information, or using intercepted information, with limited exceptions. (18 U.S.C. § 2511, subds. (a)-(e) [identifying activities prohibited by the statute].) It provides a cause of action against a person or entity who violated the statute for those whose information is “intercepted.” 18 U.S.C. § 2520, subd. (a). Based on the language of the statute, the interception must be intentional for liability to arise “inadvertent interceptions are not a basis for criminal or civil liability under the ECPA.” In re Pharmatrak Inc., supra, 329 F.3d at p. 23; United States v. Szymuszkiewicz (7th Cir. 2010) 622 F.3d 701, 707 [describing the basis for a conviction under the ECPA, which included the intentional monitoring of another individual’s emails].) And there is no “interception” when the information in question is not acquired simultaneously with transmission. (Noel v. Hall (9th Cir. 2009) 568 F.3d 743, 749; Konop v. Hawaiian Airlines, Inc (9th Cir. 2002) 302 F.3d 868, 876.) Here, plaintiffs’ allegations against

Mynhier and Tharratt are insufficient to state a claim for a violation of the ECPA. Those individuals are not alleged to have intercepted any electronic communications. The only data allegedly taken was information stored on a laptop, and it was stolen by an unidentified thief (See generally FAC.) Also, their citations to Krotfner v. Starbucks Corp. (9th Cir. 2010) 628 F.3d 1139 and In Re Zappos.com, Inc. (9th Cir. 2018) 888 F.3d 1020 are inapposite. (See FAC at p. 13, ¶ 55.) Those cases deal with federal standing requirements, not whether a cause of action may be stated under any theory. It is not alleged that any of the named defendants intentionally intercepted data in violation of the ECPA, or intentionally used intercepted data, so this cause of action fails. (18 U.S.C. §2511, subds (a)-(e).)

Breach of Fiduciary Duty

Sustained without leave to amend for failure to state facts sufficient to constitute a cause of action.

To establish a cause of action for breach of fiduciary duty, a plaintiff must demonstrate the existence of a fiduciary relationship, breach of that duty and damages.” (Charnay v. Cobert (2006) 145 Cal.App.4th 170, 182.) Generally, a fiduciary relationship is any relation existing between parties to a transaction

wherein one of the parties is duty bound to act with the utmost good faith for the
benefit of the other party. Such a relation ordinarily arises where a confidence is

reposed by one person in the integrity of another, and in such a relation the party
in whom the confidence is reposed, if he voluntarily accepts or assumes to accept
the confidence.” (Gilman v. Dalby (3d DCA 2009) 176 Cal. App. 4th 606, 613-614.) To
make clear, a cause of action for a breach of fiduciary duty has the following elements:
“(1) existence of a fiduciary duty; (2) breach of the fiduciary duty; and (3) damage
proximately caused by the breach.” (Stanley v. Richmond (1995) 35 Cal.App.4th 1070,

1086.) Assuming that they mean to bring such a claim, plaintiffs have alleged no facts
supporting any of these elements. Mynhier and Tharratt do not have any fiduciary
relationships with plaintiffs. (See Wolf v. Superior Court (2003) 106 Cal.App.4th 625,
630, as modified on denial of reh’g (Mar. 20, 2003) [listing traditional examples of
fiduciary relationships].) No facts show that any defendant breached a duty owed to
plaintiffs. (See generally FAC.) And, as explained above, plaintiffs allege no facts

indicating that they suffered harm as a result of the theft of a laptop. (See ibid.)

A court may sustain a demurrer with or without leave to amend. CCP 472a(c). Leave to amend a defective complaint should be denied where no liability exists under substantive law. Rotolo v San Jose Sports & Entertainment, LLC (2007) 151 Cal.App.4th 307, 321.

A demurrer must be sustained without leave to amend absent a showing by plaintiff that a reasonable possibility exists that the defect can be cured by amendment. Blank v Kirwan (1985) 39 Cal.3d 311, 318. The burden of proving such reasonable possibility rests squarely on the plaintiff. Torres v City of Yorba Linda (1993) 13 Cal.App.4th 1035, 1041. Plaintiff has not met that burden.

Therefore, this case is dismissed as to the named defendants only, Mynheir and Tharrat. The prevailing party shall prepare a formal order for the Court’s signature pursuant to C.R.C. 3.1312.