Vigil v. Muir Medical Group IPA CA1/2, 84 Cal.App.5th 197

In December 2017 a Muir Medical Group employee (Myrissa Centeno) downloaded records for roughly 5,400+ patients and retained them after leaving employment; Muir notified patients in May 2018.
Maria Vigil filed a putative class action asserting, inter alia, negligent release of confidential medical information in violation of the CMIA (Cal. Civ. Code §§ 56.101, 56.36(b)).
Vigil moved to certify the class; she relied on evidence that Centeno downloaded and retained a patient spreadsheet and testimony that she scrolled through it.
Muir argued CMIA liability requires proof that an unauthorized person actually viewed each plaintiff’s medical information (relying on Sutter Health).
The trial court denied class certification, concluding individualized issues (whether each class member’s information was viewed and causation) would predominate.
The Court of Appeal affirmed, holding (1) a CMIA negligent-release claim requires proof that an unauthorized party viewed the plaintiff’s medical information, and (2) individualized issues predominate here so class certification was properly denied.

Issue	Plaintiff's Argument	Defendant's Argument	Held
Whether a CMIA negligent-release claim requires proof that an unauthorized person actually viewed the plaintiff's medical information	Vigil: a "release" (e.g., download/access) is sufficient; need not prove the info was actually read	Muir: under Sutter Health/Regents, CMIA requires an actual viewing by an unauthorized person to show breach	Held: Adopts Sutter Health—breach requires an unauthorized party to have actually viewed the medical information
Whether a CMIA breach can be proved on a class-wide basis (predominance)	Vigil: common evidence (download/retention of spreadsheet, policies, testimony) permits class-wide proof	Muir: individual proof needed for each member (who was viewed, causation, misuse)	Held: Individualized inquiries (viewing, causation, misuse) predominate; class-wide proof not shown
Whether the trial court abused its discretion in denying class certification	Vigil: court misread CMIA and thus abused discretion	Muir: court correctly applied law and substantial evidence supports denial	Held: No abuse of discretion; denial affirmed

Sutter Health v. Superior Court, 227 Cal.App.4th 1546 (Cal. Ct. App. 2014) (interprets CMIA to require an unauthorized party actually view medical information to establish a breach of confidentiality)
Regents of Univ. of California v. Superior Court, 220 Cal.App.4th 549 (Cal. Ct. App. 2013) (broad discussion of “release” under CMIA but holds mere loss of possession is insufficient; confidentiality breach required)
Linder v. Thrifty Oil Co., 23 Cal.4th 429 (Cal. 2000) (governs appellate review standard for class certification orders)
Brinker Restaurant Corp. v. Superior Court, 53 Cal.4th 1004 (Cal. 2012) (articulates class certification/community-of-interest and predominance analysis)