Monthly Archives: August 2014

Medical Records, The Internet, and A “Publication”


This entry was posted by on .

Last week, the federal District Court in Virginia issued a quasi security/data breach coverage case where the court concluded that making private medical records accessible online constituted a publication even though there was no evidence that a third party had accessed them.  Travelers Indem. Co. of Am. v. Portal Healthcare Solutions, LLC, No. 13-917, 2014 WL 3887797 (E.D. Va. Aug. 7, 2014).  The mere fact that the records were accessible satisfied the plain and ordinary meaning of the term “publication” to implicate the duty to defend.  What makes this decision noteworthy is how the Court distinguished the case before it from other decisions limiting the meaning of the term “publication.”  Given that many healthcare providers are introducing “online” services for medical records, brokers and underwriters also may want to take note of this decision. 

Portal Healthcare Solution (“Portal”) was a business specializing in the electronic safekeeping of medical records for hospitals, clinics, and other medical providers.  Id. at *1.  A New York putative class action was filed against it, alleging that Portal had failed to safeguard confidential medical records of patients at Glen Falls Hospital (“Glen Falls”), posting those records on the internet and causing them to become publicly accessible on the internet.  Id.  Two patients of Glen Falls discovered the breach when they ran a Google search of their names, and found links that directed them to their Glen Falls medical records.  Id. at *2.  (Honestly, how many of you are now going to Google your name?  I did.)  Read More

This entry was posted in Data Breach Insurance Coverage, Privacy Rights, Uncategorized and tagged .

Are “Right of Privacy” and “Person” Ambiguous? New York Weighs In


This entry was posted by on .

Last week, I vacationed in beautiful Cooperstown, NY, where I watched baseball in stadiums built to resemble early 20th century ballparks, visited the Baseball Hall of Fame, and enjoyed scenic views of the green Catskill Mountains.  Oh, and there’s the Ommegang brewery, too.  During that week, I was totally free of daily faxes promoting low-budget roof repairs, instant credit for business loans, and vacation hideaways in Cancun.  So, what a return to reality it was to see Tower National Ins. Co. v. National Business Capital, Inc., No. 155786/2012, 2014 WL 3728500 (N.Y. Supr. Ct. July 28, 2014), a case addressing the meaning of “right of privacy” in the context of blast faxes.  Thanks (or maybe not) to Roberta Anderson at K&L Gates for bringing this case to my attention as I returned back to the 21st century.

The underlying lawsuit was a putative class action seeking damages for National Business Capital’s (“NBC”) alleged blast faxing in violation of the TCPA and Connecticut’s version of the statute.  NBC sought coverage under its CGL policy for “personal and advertising injury” under “[o]ral or written publication, in any nature, of material that violates a person’s right of privacy.”  Id. at *1-2.  The issue was one of first impression in New York.  (NBC also contended that the underlying action alleged “property damage,” but the court held that the complaint did not allege an “occurrence” to implicate coverage under Coverage A.  Id. at *4.) Read More

This entry was posted in Privacy Rights, Uncategorized.