Jackson v. Health Center Partners of Southern California

CourtDistrict Court, S.D. California
DecidedAugust 7, 2024
Docket3:24-cv-00106
StatusUnknown

This text of Jackson v. Health Center Partners of Southern California (Jackson v. Health Center Partners of Southern California) is published on Counsel Stack Legal Research, covering District Court, S.D. California primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook
Jackson v. Health Center Partners of Southern California, (S.D. Cal. 2024).

Opinion

1 2 3 4 5 6 7 UNITED STATES DISTRICT COURT 8 SOUTHERN DISTRICT OF CALIFORNIA 9 10 JAMES JACKSON, Case No.: 24-cv-00106-BEN (DDL)

11 Plaintiff, ORDER DENYING MOTION TO 12 v. DISMISS FOR LACK OF JURISDICTION AND MOTION TO 13 HEALTH CENTER PARTNERS OF DISMISS FOR FAILURE TO STATE SOUTHERN CALIFORNIA, et al, 14 A CLAIM Defendants. 15 [Dkt. 2, 8] 16 17 Now before the Court is the Motion to Dismiss for Lack of Jurisdiction brought by 18 Defendant Netgain Technology, LLC (“Netgain”), and the Motion to Dismiss for Failure 19 to State a Claim brought by Defendant Council of Community Clinics (“CCC”) doing 20 business as Health Centers Partners of Southern California.1 (Dkt. #8). The motions are 21 denied. 22 I. BACKGROUND 23 Plaintiff brings this putative class action alleging state law violations of 24 California’s Confidentiality of Medical Information Act and California’s Customer 25 Records Act relating to a data breach involving Plaintiff’s and potential class members’ 26

27 1 See Defendant’s Request for Judicial Notice (“RJN”) (fictitious business name 28 1 medical and personal information. The operative complaint is the Second Amended 2 Complaint (“SAC”) which was filed on August 22, 2023 in the Superior Court of the 3 State of California for the County of San Diego, Case No. 37-2021-00038892-CU-BT- 4 CTL, prior to the case being removed to this Court. See Dkt. 1-4 (Jan. 16, 2024). 5 A. Statement of Facts2 6 In the Second Amended Complaint filed before the Superior Court, Plaintiff 7 alleges that he is a San Diego County, California resident and a patient of a San Diego 8 County, California based healthcare clinic. As a patient, Plaintiff provided his personal 9 information, including his name, address, date of birth, social security number, phone 10 number and email address to a health care entity named Council of Community Clinics 11 and doing business as Health Centers Partners of Southern California. Plaintiff alleges 12 that CCC maintains an online computer program to allow patients to securely access and 13 review their health information, as well as to update their personal information. Plaintiff 14 alleges that CCC contracted with Netgain to store and protect the private medical 15 information of his own and other CCC patients. 16 Plaintiff alleges that between October 22, 2020 and December 3, 2020, CCC and 17 Netgain were negligent and failed to properly maintain, preserve, and store the 18 confidential, medical, and personal identifying information of Plaintiff by allowing an 19 unauthorized unknown person to gain access and actually view his information. Plaintiff 20 maintains that he has the right to expect that the confidentiality of his medical 21 information in possession of CCC and Netgain be reasonably preserved and protected 22 from unauthorized viewing, exfiltration, theft, and/or disclosures. Plaintiff alleges CCC’s 23 and Netgain’s negligence in caring for the medical information constitutes a violation of 24 three state statutes. 25

26 2 The majority of the facts are taken from the Second Amended Complaint and for 27 purposes of ruling on the instant motion to dismiss, the Court assumes the truth of the allegations pled and liberally construes allegations in favor of the non-moving party. 28 1 As set out in the SAC, Netgain was an IT provider for CCC. Netgain notified CCC 2 that there had been a data breach and that plaintiff’s information may have been exposed 3 to unauthorized access by a criminal hacker. Netgain’s notice to CCC, and CCC’s notice 4 to Plaintiff, said that an attacker had launched a ransomware attack around October to 5 December 2020, and that Netgain had paid the ransom. Defendants maintain that 6 Plaintiff’s medical information was never disclosed to, or actually viewed by, the 7 criminal hackers because the ransom amount was paid in exchange for non-exposure of 8 the medical data. Plaintiff alleges, nevertheless, that during the time period of the attack, 9 his medical information was accessible by the data attackers. 10 B. State Law Causes of Action 11 Plaintiff’s Second Amended Complaint alleges three California state law causes of 12 action (“COA”) against CCC for violations of: (1) the Confidentiality of Medical 13 Information Act, California Civil Code §§ 56, et seq. (“CMIA”); (2) the Customer 14 Records Act, California Civil Code § 1798.82 (“CRA”); and (3) the California Unfair 15 Competition Laws, California Business and Professions Code §§ 17200, et seq. (“UCL”). 16 II. LEGAL STANDARD & DISCUSSION 17 Under Federal Rule of Civil Procedure 12(b)(2) a complaint against a defendant 18 may be dismissed for lack of personal jurisdiction. When a party seeks dismissal under 19 Rule 12(b)(2) for lack of personal jurisdiction, the plaintiff bears the burden of 20 demonstrating that the exercise of personal jurisdiction is proper. Menken v. Emm, 503 21 F.3d 1050, 1056 (9th Cir. 2007). When a motion to dismiss for lack of personal 22 jurisdiction is based on the briefs rather than an evidentiary hearing, “the plaintiff need 23 only make a prima facie showing of jurisdictional facts.” Sher v. Johnson, 911 F.2d 24 1357, 1361 (9th Cir. 1990). While “uncontroverted allegations in the complaint must be 25 taken as true,” the plaintiff cannot “simply rest on the bare allegations of its complaint.” 26 Schwarzenegger v. Fred Martin Motor Co., 374 F.3d 797, 800 (9th Cir. 2004) (quoting 27 Amba Mktg. Sys., Inc. v. Jobar Int'l, Inc., 551 F.2d 784, 787 (9th Cir. 1977)). The court 28 “may not assume the truth of allegations in a pleading which are contradicted by 1 affidavit, but factual conflicts between dueling affidavits must be resolved in the 2 plaintiff's favor.” Ayla, LLC v. Alya Skin Pty. Ltd., 11 F.4th 972, 978 (9th Cir. 2021) 3 (internal quotation marks and citations omitted). “[B]are bones assertions of minimum 4 contacts with the forum or legal conclusions unsupported by specific factual allegations 5 will not satisfy a plaintiff's pleading burden.” Swartz v. KPMG LLP, 476 F.3d 756, 766 6 (9th Cir. 2007) (internal quotation marks omitted). Nor will “random,” “fortuitous,” or 7 “attenuated” contacts establish specific personal jurisdiction. Burger King Corp. v. 8 Rudzewicz, 471 U.S. 462, 475 (1985). 9 Under Federal Rule of Civil Procedure 12(b)(6), a complaint may be dismissed 10 when a plaintiff’s allegations fail to set forth a plausible set of facts which would entitle 11 the complainant to relief. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007); Ashcroft 12 v. Iqbal, 556 U.S. 662, 679 (2009) (holding that a claim must be facially plausible to 13 survive a motion to dismiss). To state a plausible claim for relief, the pleadings must 14 raise the right to relief beyond the speculative level; a plaintiff must provide “more than 15 labels and conclusions, and a formulaic recitation of the elements of a cause of action will 16 not do.” Twombly, 550 U.S. at 555 (citation omitted).

Free access — add to your briefcase to read the full text and ask questions with AI

Related

Cite This Page — Counsel Stack

Bluebook (online)
Jackson v. Health Center Partners of Southern California, Counsel Stack Legal Research, https://law.counselstack.com/opinion/jackson-v-health-center-partners-of-southern-california-casd-2024.