Brown v. Mortensen

California Supreme Court Upholds Patient Privacy Protections.

Since 1981, the Confidentiality of Medical Information Act (CMIA) has protected the privacy of California patients by requiring written patient authorizations for most disclosures of medical information. A California court of appeal held that patients could not sue their medical providers for disclosing individually identifiable medical information to debt collectors or credit reporting agencies (CRAs) because the federal Fair Credit Reporting Act (FCRA) explicitly preempts all state law claims arising from the furnishing of information to CRAs. This ruling threatened to undermine the protections of the CMIA, because once personal information is shared it becomes accessible to anyone. Moreover, the court of appeal’s interpretation of the FCRA would have applied equally to any state-regulated business that furnishes sensitive personal consumer information to a consumer reporting agency, making it nearly impossible for California to protect the privacy of its citizens’ personal information. Public Good filed a brief in the California Supreme Court on behalf of itself and leading national and California consumer protection and privacy organizations, arguing that the FCRA was not intended to preempt state privacy laws. Since the FCRA imposes no obligations on furnishers of credit information to convey individually identifiable medical information to consumer reporting agencies, it is not in conflict with California’s privacy protections. The California Supreme Court unanimously agreed with Public Good’s arguments, finding that FCRA preemption applies only when information is disclosed to credit reporters based on duties to provide accurate information upon being notified of disputed credit information, and not when medical information is disclosed. California’s ability to protect its citizens’ vital personal information remains intact.

181 Cal.App.4th 789 (2010), reversed and remanded, 51 Cal. 4th 1052 (2011).