Metropolitan News-Enterprise


Friday, November 24, 2017


Page 1


State Announces Multi-Million Dollar Settlements

DIRECTV Will Pay $9.5 Million, Health Care Provider to Part With $2 Million


By a MetNews Staff Writer


DIRECTV has agreed to pay $9.5 million to resolve the state’s claims against it based on allegations of dumping large volumes of hazardous waste, including batteries, electronic devices, and aerosols.

The accord was announced Wednesday by the Office of Attorney General and the Office of Alameda District Attorney.

It was also made public Wednesday that a non-profit health care provider in Santa Barbara, which operates five hospitals, has agreed to pay $2 million in settlement of an action against it by the Office of Attorney General based on two incidents where medical records of more than 50,000 patients became freely accessible on the Internet.

Violations Alleged

The complaint against DIRECTV, dated Oct. 30, alleges illegal activity at 25 facilities in California including Azusa, Ontario, Lancaster, Pacoima and Rancho Dominguez. It alleges violations of California’s Hazardous Waste Control Law (“HWCL”).

The pleading sets forth that in conducting satellite video services, DIRECTV’s employees handle “large volumes of electronic equipment” and other products which, once they are no longer usable, “must be handled and recycled or disposed of in compliance with the HWCL,” but aren’t. It also asserts breaches of the Unfair Competition Law.

In 2014, the state reached a settlement with AT&T, a subsidiary of which, in 2015, acquired DIRECTV. By stipulation, the 2014 judgment will be amended to cover DIRECTV’s hazardous waste dumping.

Of the settlement amount, $8.6 million will go to the Office of Attorney General, covering civil penalties and costs, to be applied to environmental protection.

In 2010, DIRECTV entered into a $13.25 million settlement with California’s Office of Attorney General and offices of 48 other attorneys general over misleading sales and marketing practices.

Privacy Violation

The settlement announced Wednesday requires that Cottage Health System upgrade its data security and pay costs and penalties.

A lapse in the security of its computer system resulted in 32,755 patients’ records being online from Oct. 8 to Dec. 2 of 2013. A man in Arizona reported to Cottage that his records were publicly available.

A second lapse occurred in 2015 and was of a two-week duration. The AG’s Office reckons that the total number of records that were exposed during the two episodes exceeds 50,000.

Settlement Provisions

A stipulation for entry of judgment was executed Nov. 15. It recites:

“Plaintiff will file a civil complaint against Cottage alleging causes of action involving two separate data incidents discovered in 2013 and 2015, respectively. Cottage has not reviewed the complaint and does not know its contents. Cottage does not admit, agree or stipulate to any of the facts, allegations or characterizations set forth in the complaint filed in this matter.”

It is stipulated that any judge may sign the judgment on an ex parte basis.

Allegations in Complaint

The complaint, dated last Tuesday, alleges violations of the Confidentiality of Medical Information Act, Civil Code §56.101, and Unfair Competition Law, Business & Professions Code §17200, as well as the federal Health Insurance Portability and Accountability Act, 42 USC §1320d-2(d)(2).

It relates that an investigation showed that Cottage “was running outdated software, failing to apply software patches, not resetting default configurations, not using strong passwords, failing to limit access to sensitive PHI, and failing to conduct regular risk assessments, among other things.”

Deputy Attorney General Lisa B. Kim represented the People and Jeffrey Rabkin of Jones Day and L. Donald Boden of Griffith & Thornburgh LLP acted for Cottage Health, Goleta Valley Cottage Hospital, Santa Barbara Cottage Hospital, and Santa Ynez Valley Cottage Hospital.

2014 Class Action

In 2014, Cottage and its systems administrator, Laguna Hills-based tech company INSYNC Computer Solution Inc., were defendants in a patients’ class action in Orange Superior Court claiming violations of the Confidentiality of Medical Information Act and the Health Insurance Portability and Accountability Act. There were 50,917 class members.

The action was settled for $4.125 million.

Cottage then sought indemnification from its insurer, Columbia Casualty Co., which paid it $4.125 million under a reservation of rights, but then sued in U.S. District Court for the Central District of California, contending that Cottage, in applying for cyberinsurance, “made a number of material misrepresentations” as to its safety precautions in connection with records security.

The case was removed to Santa Barbara Superior Court.


Copyright 2017, Metropolitan News Company