Healthcare Information Security

Patient Privacy News

Calif. Patient Privacy Case Reaches State Supreme Court

A California doctor is arguing for patient privacy, maintaining that medication records do not need to be seen by the state’s medical board.

California Supreme Court to hear patient privacy case.

Source: Thinkstock

By Elizabeth Snell

- Oral arguments in a patient privacy case were presented to the California Supreme Court earlier this week, claiming that controlled substance prescription data collected and submitted to the state justice department should remain protected.

In Lewis v. Superior Court, S219811, California-based Dr. Alwin Carl Lewis maintains that patient privacy was violated following a government agency obtaining an individual’s prescription records without a warrant.

The case also aims to determine if the “disclosure of such data to the Medical Board of California justified by a compelling state interest.”

In 2008, Lewis recommended a diet plan for a prospective patient, who reportedly found the proposal “unhealthful,” and filed a complaint to the Medical Board. The Board then obtained Controlled Substance Utilization Review and Evaluation System (CURES) reports on Lewis.

The Medical Board concluded that Lewis “failed to maintain adequate records regarding the patient who had complained about him, and two of his other patients had been over-prescribed controlled substances for a short period of time,” and placed him on three years of probation.

Lewis appealed to the Superior Court of Los Angeles County to set aside the board’s decision, claiming patient privacy violations. However, he lost his challenge at the trial court and appellate levels.

“With all the data that is being gathered about people – and this is health data, the most private data most deserving of protection – this data cannot be accessed willy-nilly,” Los Angeles attorney Henry Fenton said during the Supreme Court hearing, according to Courthouse News Service. “There has to be proper cause for them to do it.

He added that there is no interest in protecting patient data, and that the board simply wanted to retaliate against Lewis.

“In this particular instance the data was accessed even though there was absolutely no issue of controlled-substance abuse,” Fenton said. “This was a situation where Dr. Lewis mentioned that he thought that the three representatives on the board were perhaps overweight. I think there’s a good chance there was bias and they acted in a retaliatory fashion.”

The Medical Board of California explained in its 2015 response to an amicus brief that Lewis should not be able to use his patients’ privacy rights to shield himself against repercussions from providing inadequate care.

“Even if the claim is properly presented, Lewis has not shown an actionable invasion of privacy under the state right to privacy,” the Board wrote. “To begin with, patients lack a reasonable expectation of privacy that would prevent lawfully collected CURES data from being provided on a confidential basis to the Board.”

“Controlled substances have been subject to pervasive regulation – including a requirement that controlled substance prescriptions be reported to the State – for decades,” the response continued.

Even the US Supreme Court has previously concluded that patient reasonable expectations are not violated when controlled substance abuse records are used by regulators when provided by state law, noted the Board.

“Amici’s contrary arguments rest on the mistaken premise that CURES records are the same as complete medical records for purpose of a privacy analysis,” the Board stated. “They are not…the CURES reports at issue here include only the type and quantity of a controlled substance dispensed to a patient.”

The American Medical Associate (AMA) commented on the case back in 2015, saying that there was no prior showing of good cause for the board to review patient data.

“The board did so through the California Department of Justice (DOJ) database, which allows broad and indiscriminate disclosures to state, local and federal agencies—including law enforcement—and fails to adequately protect patient privacy,” the AMA explained at the time. “In this case, the Medical Board acquired three years of prescribing history of all of a single physician’s patients. In doing this, the Medical Board circumvented patients’ right of privacy guaranteed by the California constitution.”

Sensitive health data should be protected “from disclosure without probable cause or judicial review,” the AMA added. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...