Opinion
22-cv-2061-AGS-DEB
09-18-2023
DJ GLENON, individually and on behalf of others similarly situated, Plaintiff, v. ABBOTT LABORATORIES, Defendant.
ORDER DENYING DEFENDANT'S MOTION TO DISMISS THE AMENDED COMPLAINT (ECF 14)
HON. ANDREW G. SCHOPLER UNITED STATES DISTRICT JUDGE
In this putative class action, plaintiff alleges that defendant Abbott Laboratories disclosed medical information about him and hundreds of other patients in a mass email. Abbott moves to dismiss.
For motion-to-dismiss purposes, this Court accepts “the factual allegations in the complaint as true” and construes them “in the light most favorable to the plaintiff.” GP Vincent II v. Estate of Beard, 68 F.4th 508, 514 (9th Cir. 2023).
In 2022, Synovation Medical Group shared with defendant Abbott Laboratories a patient list of 375 chronic-pain patients. (ECF 11, at 4; ECF 19, at 8.) Abbott sent a group email to those patients-including plaintiff DJ Glenon-that revealed all the recipients' email addresses. (ECF 11, at 4.) In addition, Glenon alleges that the email, excerpted below, implicitly exposed his chronic-pain condition and his health-care provider:
Hello!
Synovation Medical Group is welcoming a new physician . . . and he is offering an education event on November 2nd from 12-1pm. You are receiving this email because the topic addresses pain therapies that could help you.(ECF 19, at 8.) The attached flyer was titled “Abbott's Advancements in Chronic Pain Relief,” and it touted a “treatment for chronic pain” for those who have “tried multiple treatments for chronic pain but have not yet found effective pain relief.” (ECF 19-1, at 2.)
Glenon sued Abbott for violating California's Confidentiality of Medical Information Act and sought class certification.
DISCUSSION
Abbott moves to dismiss the amended complaint for failing to state a claim. To survive such a motion, a complaint must contain enough facts to “state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009); see also Fed.R.Civ.P. 12(b)(6). Facial plausibility requires more than mere “conclusions” or a “formulaic recitation” of elements; it must be based on “factual allegations” that “raise a right to relief above the speculative level.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (cleaned up).
Under the Confidentiality of Medical Information Act, certain covered entities “shall not disclose medical information regarding a patient . . . without first obtaining an authorization.” Cal. Civ. Code § 56.10(a). Abbott protests that Glenon has not plausibly alleged (1) “that Abbott disclosed protected ‘medical information,'” (2) “that Abbott is the type of entity covered” by the CMIA, or (3) “that Abbott acted negligently.” (ECF 14-1, at 13.)
A. Medical Information
First, Abbott argues that its mass email did not divulge “medical information” under the CMIA, as it did not include (a) individually identifiable information, nor (b) any prohibited medical topics. See Cal. Civ. Code § 56.05(i) (defining “medical information”). As to the former point, Abbott disputes that Glenon's email address constituted “individually identifiable” information. But the CMIA's definition of that term seems to categorically include email addresses:
“Individually identifiable” means that the medical information includes or contains any element of personal identifying information sufficient to allow
identification of the individual, such as the patient's name, address, electronic mail address, telephone number, or social security number, or other information that, alone or in combination with other publicly available information, reveals the identity of the individual.Cal. Civ. Code § 56.05(i) (emphasis added).
Yet in Abbott's view, the CMIA does not protect email addresses unless they are independently shown to be “sufficient to allow identification of the individual.” (ECF 14-1, at 17.) Glenon's email address doesn't qualify, according to Abbott, because it “did not include Plaintiff's name” or other telling details. (Id. at 17 n.10; see also id. at 17 (arguing that “cryptic email addresses . . . are insufficient to identify their owner”).) This reading would lead to absurd results: Glenon might need to live on “DJ Glenon Street” to invoke the CMIA's protection of home addresses. Or he might have to change his phone number to “(800) D-GLENON” to ensure the CMIA shielded it from disclosure.
At any rate, the rule against surplusage dispenses with this argument. Courts must make “every effort not to interpret a provision in a manner that renders other provisions of the same statute . . . meaningless or superfluous.” United States v. Neal, 776 F.3d 645, 652 (9th Cir. 2015). If the phrase “sufficient to allow identification of the individual” was an implied further test for every item in the definitional list, the qualifier for the last item- “other information that . . . reveals the identity of the individual”-would become redundant and superfluous. See Cal. Civ. Code § 56.05(i) (emphasis added). Thus, Glenon's email address is entitled to CMIA protection without an individualized inquiry.
Because “other information” is separated from the rest of the list by a second use of the word “or,” proper grammar mandates that the ending phrase-“that . . . reveals the identity of the individual”-applies only to “other information,” not the rest of the list.
As to Abbott's other point, in the light most favorable to Glenon, the mass email plausibly released prohibited medical content, such as his “medical history,” “physical condition, or treatment.” See Cal. Civ. Code § 56.05(i). It begins, “You are receiving this email because the topic addresses pain therapies that could help you.” (ECF 19, at 8 (emphasis added).) And if there were any lingering questions about why the email recipients were selected, the attached flyer is aimed at people who have “tried multiple treatments for chronic pain.” (ECF 19-1, at 2.) Chronic pain disorder is undoubtedly a “serious medical condition[].” Raich v. Gonzales, 500 F.3d 850, 855 (9th Cir. 2007).
Glenon plausibly alleges that Abbott unveiled his “medical information”-that is, his individually identifiable information held by Abbott regarding protected medical subjects.
B. Covered Entity
Second, Abbott contends that the amended complaint lacks “any facts suggesting that Abbott” is an entity covered by the CMIA. (ECF 14-1, at 18.) The statute reaches, among other entities, any “provider of health care.” See Cal. Civ. Code §§ 56.05(o), 56.10(a). That term embraces any “business organized for the purpose of maintaining medical information in order to make the information available to an individual or to a provider of health care at the request of the individual or a provider of health care, for purposes of allowing the individual to manage their information, or for the diagnosis and treatment of the individual ....” Id. § 56.06(a).
Glenon alleges that Abbott is just this sort of entity, one “engaged in the business of providing health services and maintaining patient records on behalf of individuals as well as health care providers.” (ECF 11, at 4.) The amended complaint corroborates this assertion by quoting Abbott's own annual report, which describes its “principal business” as “the discovery, development, manufacture, and sale of . . . health care products.” (See id. at 3-4.) So does Abbott's group email, which demonstrates that it held contact information for hundreds of patients in a specific medical group and sought to share a new chronic-pain treatment with them. (See ECF 19, at 8; ECF 19-1, at 2.) Drawing all reasonable inferences in Glenon's favor, the Court concludes he has adequately pleaded that Abbott is a covered entity. Cf. Heldt v. Guardian Life Ins. Co. of Am., No. 16-cv-0885-BAS-NLS, 2017 WL 5194600, at *3 (S.D. Cal. Nov. 9, 2017) (denying motion to dismiss CMIA claim because complaint adequately alleged that defendant insurance company provided plaintiff “with a health care service plan,” though the CMIA generally exempts insurers).
C. Negligence
Finally, Abbott maintains that Glenon “alleges no facts suggesting that Abbott negligently failed to protect the confidentiality of his medical information.” (ECF 14-1, at 20.) Negligence is judged by a “standard of reasonable care.” Sandoval v. Qualcomm Inc., 494 P.3d 487, 496 (Cal. 2021). Assuming Abbott is a CMIA-covered entity, see section B supra, it had a duty to maintain Glenon's medical information “in a manner that preserves [its] confidentiality.” See Cal. Civ. Code § 56.101(a). Glenon claims it breached that duty by emailing this sensitive information to hundreds of other patients-without authority and with Glenon's email address visible in the To: line. (See ECF 19.) In the light most favorable to Glenon, this act fell below the standard of reasonable care; it was negligent. For example, a factfinder could plausibly conclude that Abbott should have preserved confidentiality by at least placing patients' email addresses in the Bcc: line.
CONCLUSION
Thus, Abbott's motion to dismiss the amended complaint is DENIED.