Opinion
5:16-cv-01928-EJD
09-16-2021
JONATHAN MARC DAVIDSON, et al., Plaintiffs, v. HEWLETT-PACKARD COMPANY, et al., Defendants.
ORDER GRANTING DEFENDANTS' MOTION FOR SUMMARY JUDGMENT
Re: Dkt. No. 203
EDWARD J. DAVILA United States District Judge
Pro se Plaintiffs Jonathan Marc Davidson and Corinna Davidson (collectively “Plaintiffs”) brought this action against Defendants Hewlett-Packard Company n/k/a HP Inc., Hewlett Packard Enterprise Company (“HPE”), United Healthcare Services, Inc., UnitedHealth Group Incorporated (“United Healthcare” or “UHC”), Dr. Angelique Green, Dr. Peter Stangel, Dr. Edward Greenberg, and Dr. Lauren Standig (collectively, “Defendants”) seeking damages relating to Defendants' decision to end Jonathan Davidson's medical care at a rehabilitation center and transfer him to custodial care at home. On August 15, 2019, the Court dismissed with prejudice all of the claims alleged by Plaintiffs in their Third Amended Complaint (“TAC”), except for their invasion of privacy claim.
See Order Granting in Part and Denying in Part Defendants' Motion to Dismiss, Dkt. No. 178.
Now before the Court is Defendants' Motion for Summary judgment as to Plaintiffs' invasion of privacy claim. (“Mot.”), Dkt. No. 203. Having read the papers filed by the parties and carefully considered their arguments and the relevant legal authority, the Court hereby GRANTS Defendants' Motion for Summary Judgment.
The Court took this motion under submission without oral argument pursuant to Civil Local Rule 7-1(b).
I. BACKGROUND
As a part of her employment at HPE, Plaintiff Corinna Davidson (“Mrs. Davidson”) was eligible to participate in the company's medical benefits plans. See Mar. 24, 2017 Decl. of Elsa Karr (“Karr I Decl.”), Dkt. No. 203-2 ¶ 3. Mrs. Davidson elected to participate in HPE's medical benefits plans offered by HPE, which also afforded her husband, Jonathan Davidson (“Mr. Davidson”), the opportunity to become a beneficiary. Since 2009, Mr. Davidson has suffered from amyotrophic lateral sclerosis (“ALS”), or Lou Gehrig's disease. He is physically disabled and requires continuous medical care, including feeding and breathing tubes. HPE has served as the plan administrator of Plaintiffs' medical benefits, first for the HP Inc. Comprehensive Welfare Benefits Plan and then for the HPE Comprehensive Welfare Benefits Plan (collectively the “Plan”). Id. ¶¶ 7-9.
In December 2014, Mr. Davidson was admitted into a skilled-care nursing facility. See Apr. 9, 2015 Dr. Angelique Green Letter (“Dr. Green Letter”), Dkt. No. 203-13. In February 2015, however, UHC's clinical staff determined Mr. Davidson's continued stay in a skilled nursing facility was not covered under Plaintiffs' health plan and that he no longer needed skilled care at the facility. Id. According to Plaintiffs, the clinical staff decided Mr. Davidson should instead receive “custodial care” at his home. Apr. 8, 2020 Corinna Davidson's Supp. Interrogatory Answers (“Apr. 2020 C.D. Supp. Answers”), Dkt. No. 203-28 at 1-2. Plaintiffs unsuccessfully challenged this decision in a series of administrative appeals, but UHC allowed Mr. Davidson to remain in the skilled care facility on a week-by-week basis. Later in 2015, HPE agreed to include a supplemental medical benefits program (the “Supplemental Program”) as part of Mrs. Davidson's medical coverage which covered custodial skilled nursing care for an unlimited number of days. See Karr I Decl. ¶ 5.
Following HPE's inclusion of the Supplemental Program, Plaintiffs' medical coverage consisted of two parts: (a) the active medical benefits program; and the (b) Supplemental Program. Id. During this time, UHC served as the claims administrator for Plaintiffs' HPE benefits plan while prescription drug and behavioral health coverage was offered through Optum. See, e.g. Hewlett-Packard Company Active Medical Plans Summary Plan Description 2015 (“2015 SPD”), Dkt. No. 203-5. The terms and conditions of the medical coverage offered to Plaintiffs were set forth in the Summary Plan Descriptions (“SPDs”), which were provided to participants and their beneficiaries on a yearly basis and upon request. Id. In addition to information about coverage and claims procedures, the SPDs explained to participants and beneficiaries that HPE and UHC “may use individually identifiable health information to administer the Plan and pay claims, to identify procedures, products, or services that [Plaintiffs] may find valuable, and as otherwise permitted or required by law.” 2015 SPD at 194. They also informed participants and beneficiaries that “[b]y accepting [b]enefits under the Plan, ” they authorized and directed “any person or institution that has provided services to [participants and beneficiaries] to furnish [HPE AND UHC] with all information or copies of records relating to the services provided.” Id. Additionally, HPE and UHC had the “right to release any and all records concerning health care services which [were] necessary to implement and administer the terms of the Plan, [or] for appropriate medical review or quality assessment. . . .” Id.
The Court's citations to documents are to the document's ECF page number.
Plaintiffs also received HPE's Notice of Privacy Practices (the “Privacy Notice”), which informed Plan participants that protected health information (“PHI”) may be disclosed without the participant's or beneficiary's written authorization “to determine [their] eligibility for benefits under the Plan, . . . [or] to determine if the claim for benefits [was] covered under the Plan.” Privacy Notice, Dkt. No. 203-8 at 5. According to the Privacy Notice, PHI could also be used or disclosed by the “Plan as part of the Plan's healthcare operations, ” including for activities such as “case management and care coordination, quality assurance, conducting or arranging for medical review, auditing, or legal services, . . . and customer service and resolution of internal grievances.” Id. at 6.
Plaintiffs' invasion of privacy claim focuses on two separate forms of alleged intrusions into their right to privacy. First, Plaintiffs assert that Defendants “communicated, disseminated, published and publicly distributed” private medical information about Mr. Davidson to several individuals, including his treating physicians (or their representatives), HPE and UHC employees and the board of directors, representatives from Optum, and a case manager who worked at a facility at which Mr. Davidson received care from December 2014 to December 2018. July 11, 2020 Corinna Davidson's Supplemental Interrogatory Answers (“July 2020 C. D. Supp. Answers”), Dkt. No. 203-9 at 4; Apr. 7, 2020 Jonathan Davidson's Supplemental Interrogatory Answers (“J.D. Supp. Answers”), Dkt. No. 203-10 at 3-4. Throughout this same period, Plaintiffs also shared Mr. Davidson's medical information including his health status and services received with individuals at HPE, UHC, Optum, as well as members of the “National Media, Local Media, and Independent [Media].” See J.D. Supp. Answers at 10-12. Mr. Davidson, along with a family member, also created a publicly available blog on which Mr. Davidson's diagnosis and other personally identifying medical information was shared. See Dkt. No. 203-21; see also Sept. 21, 2020 Decl. of Sarah Bryan Fask (“Fask Decl.”), Dkt. No. 203-29.
Plaintiffs also believe that Defendants have utilized online communications and their use of the UHC website and portal to “intrude in the laptop, computing or communication devices of [Plaintiffs].” J.D. Supp. Answers at 4-5. Plaintiffs retained a certified public accounting and business advisory firm to determine if their computers had been intruded upon. Dep. of Kaly Richmond (“Richmond Dep.”), Dkt. No. 203-22 at 10:12-17. Specifically, Mrs. Davidson informed the firm that she was “suspicious about flashing green screens and black box[es] popping-up on her screen.” Id. at 88:6-9. After an analysis of Plaintiffs' electronic devices, the firm did not find any evidence that any representative, agent, or employee associated with Defendants accessed Plaintiffs' electronic devices. Id. at 93:14-94:1.
II. LEGAL STANDARDS
A. Summary Judgment
A court must grant summary judgment if the movant shows “that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed.R.Civ.P. 56(a). In order to satisfy this burden, “the moving party must either produce evidence negating an essential element of the nonmoving party's claim or defense or show that the nonmoving party does not have enough evidence of an essential element to carry its ultimate burden of persuasion at trial.” Nissan Fire & Marine Ins. Co. v. Fritz Companies, Inc., 210 F.3d 1099, 1102 (9th Cir. 2000). “In order to carry its ultimate burden of persuasion on the motion, the moving party must persuade the court that there is no genuine issue of material fact.” Id.
If the moving party meets its burden of production, the nonmoving party must produce evidence to support its claim or defense. Id. at 1103. If the nonmoving party fails to produce enough evidence to create a genuine issue of material fact, Rule 56(c) mandates the moving party win the motion for summary judgment. See id.
The court must draw all reasonable inferences in favor of the party against whom summary judgment is sought. Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 587 (1986). However, “the mere suggestion that facts are in controversy, as well as conclusory or speculative testimony in affidavits and moving papers, is not sufficient to defeat summary judgment.” Hamm v. Mercedes-Benz USA, LLC, No. 5:16-CV-03370-EJD, 2019 WL 4751911, at *2 (N.D. Cal. Sept. 30, 2019); see also Matsushita Elec. Indus. Co., 475 U.S. at 587 (“When the moving party has carried its burden under Rule 56(c), its opponent must do more than simply show that there is some metaphysical doubt as to the material facts.”). Instead, the non-moving party must come forward with admissible evidence to satisfy the burden. Fed.R.Civ.P. 56(c).
B. Pro Se Pleadings
Pleadings filed by pro se plaintiffs must be “construed liberally.” Resnick v. Hayes, 213 F.3d 443, 447 (9th Cir. 2000). In order to do so, the court “need not give a plaintiff the benefit of every conceivable doubt, ” but must “draw every reasonable or warranted factual inference in the plaintiff's favor.” McKinney v. De Bord, 507 F.2d 501, 504 (9th Cir. 1974). Courts must use common sense when interpreting the often-unclear pleadings from pro se plaintiffs. Id. Although pro se litigants are held to “less stringent standards, ” they are not exempt from “complying with the procedural and substantive rules of the court” and must “comply strictly with the summary judgment rules.” Haines v. Kerner, 404 U.S. 519, 520 (1972); Thomas v. Ponder, 611 F.3d 1144, 1150 (9th Cir. 2010) (citing Bias v. Moynihan, 508 F.3d 1212, 1219 (9th Cir. 2007)).
III. DISPUTED FACTS AND EVIDENTIARY ISSUES
Plaintiffs dispute many of the facts on which Defendants' Motion relies. See Dkt. No. 208. Yet, they fail to cite to evidence that actually controverts any of Defendants' proffered facts. Plaintiffs instead make conclusory and speculatory statements or circular citations back to documents which do not suggest a disputed fact.
The Court is not “required to comb through the record to find some reason to deny a motion for summary judgment, ” and therefore when it appears that Plaintiffs have not cited to any specific evidence controverting a fact on which Defendants rely, the Court will deem the fact undisputed for purposes of this motion. Forsberg v. Pac. Nw. Bell Tel. Co., 840 F.2d 1409, 1418 (9th Cir. 1988).
IV. DISCUSSION
Plaintiffs claim Defendants violated their right to privacy under Article I, Section 1 of the California Constitution and California common law. TAC ¶¶ 121-22. The Court will address both variants of Plaintiffs' invasion of privacy claim separately.
Plaintiffs also claim Defendants' “intrusion, privacy violations and communication, publication, dissemination, and distribution of private information of Plaintiffs violates federal law and regulations including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). TAC ¶ 121. However, HIPAA does not provide for a private right of action. See Poli v. Mt. Valleys Health Ctrs., Inc., No. 2:05-2015-GEB-KJM, 2006 WL 83378 (E.D. Cal. Jan. 11, 2006) (rejecting plaintiff's claim for violation of HIPAA because no express or implied private cause of action exists under the statute.)
A. Invasion of Privacy Under the California Constitution
The California Constitution creates a privacy right that protects individuals from the invasion of their privacy by private parties. Am. Acad. of Pediatrics v. Lungren, 16 Cal.4th 307 (1997); Leonel v. Am. Airlines, Inc., 400 F.3d 702, 711-12 (9th Cir. 2005), opinion amended on denial of reh'g, 03-15890, 2005 WL 976985 (9th Cir. Apr. 28, 2005). To establish a claim under the California Constitutional right to privacy, a plaintiff must first demonstrate three elements: (1) a legally protected privacy interest; (2) a reasonable expectation of privacy under the circumstances; and (3) conduct by the defendant that amounts to a serious invasion of the protected privacy interest. Hill v. Nat'l Collegiate Athletic Assn, 7 Cal.4th 1, 35-37 (1994). These elements do not constitute a categorical test, but rather serve as threshold components of a valid claim to be used to “weed out claims that involve so insignificant or de minimis an intrusion on a constitutionally protected privacy interest as not even to require an explanation or justification by the defendant.” Loder v. City of Glendale, 14 Cal.4th 846, 893 (1997). “Actionable invasions of privacy must be sufficiently serious in their nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right.” Hill, 7 Cal.4th at 37. Thus, if the allegations “show no reasonable expectation of privacy or an insubstantial impact on privacy interests, the question of invasion may be adjudicated as a matter of law.” Pioneer Elecs. (USA), Inc. v. Superior Ct., 40 Cal.4th 360, 370 (2007) (citing Hill, 7 Cal.4th at 40).
The California Constitution sets a high bar for an invasion of privacy claim. Even disclosure of personal information, such as social security numbers, does not constitute an “egregious breach of the social norms” to establish an invasion of privacy claim. See, e.g., In re iPhone Application Litig., 844 F.Supp.2d 1040, 1063 (N.D. Cal. 2012) (holding that the disclosure to third parties of unique device identifier numbers, personal data, and geolocation information did not constitute an egregious breach of privacy); Folgelstrom v. Lamps Plus, Inc., 195 Cal.App.4th 986, 992 (2011) (“Here, the supposed invasion of privacy essentially consisted of [Defendant] obtaining plaintiff's address without his knowledge or permission, and using it to mail him coupons and other advertisements. This conduct is not an egregious breach of social norms, but routine commercial behavior.”).
i. The Sharing and Use of Mr. Davidson's Medical Information
a. Legally Protected Privacy Interest
Plaintiffs' claim relates directly to what they contend was the improper sharing of Mr. Davidson's medical information “across UHC platforms” after they appealed UHC's coverage determination. Opp'n at 11-12. Courts have previously recognized that individuals possess a legally cognizable privacy interest “in precluding the dissemination or misuse of sensitive and confidential information.” Hill, 7 Cal.4th at 5. Moreover, an individual's medical information is considered confidential information. See e.g., Heldt v. Guardian Life Ins. Co. of Am., 16-CV-885-BAS-NLS, 2019 WL 651503, at *4 (S.D. Cal. Feb. 15, 2019) (recognizing a legally protected privacy interest in medical information held by an insurer). Because Plaintiffs' claim deals with the exchange and alleged misuse of confidential information, the Court finds Mr. Davidson holds a legally protected privacy interest in his medical information.
The same, however, cannot be said about Mrs. Davidson. Mrs. Davidson does not allege that Defendants improperly shared her own personal medical information. Id. (citing C.D. Supp. Answers at 4.). Instead, Plaintiffs argue that Mrs. Davidson has a legally protected interest in Mr. Davidson's medical information because Mr. Davidson gave her power of attorney. See Pls.' Separate Statement of Facts, Dkt. No. 208 at 1. But a power of attorney does not confer standing to assert another party's constitutional claims. See Johns v. Cty. of San Diego, 114 F.3d 874, 876 (9th Cir. 1997); see also Moreno v. Hanford Sentinel, Inc., 172 Cal.App.4th 1125, 1131 (2009) (holding that plaintiffs did not have standing to bring an invasion of privacy claim for something that happened to their family member). Thus, Mrs. Davidson's power of attorney does not afford her the right to assert Plaintiffs' invasion of privacy claim relating to Mr. Davidson's medical information.
b. Reasonable Expectation of Privacy
Although Defendants do not dispute that Mr. Davidson possesses a legally protected interest in his medical information, they argue neither he nor Mrs. Davidson had a reasonable expectation of privacy related to the medical information. Whether a plaintiff has a reasonable expectation of privacy in the circumstances is a mixed question of law and fact. Hill, 7 Cal.4th at 40. “A ‘reasonable' expectation of privacy is an objective entitlement founded on broadly based and widely accepted community norms.” Id. at 37. “Even when a legally cognizable privacy interest is present, other factors may affect a person's reasonable expectation of privacy. For example, advance notice of an impending action may serve to ‘limit [an] intrusion upon personal dignity and security' that would otherwise be regarded as serious.” Id. (citing Ingersoll v. Palmer, 43 Cal.3d 1321, 1346 (1987)). “[T]he presence or absence of opportunities to consent voluntarily to activities impacting privacy interests obviously affects the expectations of the participant.” Id.
To establish a reasonable expectation of privacy, the plaintiff must have conducted himself or herself in a manner consistent with an actual expectation of privacy. See Heldt, 2019 WL 65103, at *4. This means he “must not have manifested by his or her conduct a voluntary consent to the invasive actions of defendant. If voluntary consent is present, a defendant's conduct will rarely be deemed ‘highly offensive to a reasonable person' so as to justify tort liability.” Id. (citing Hill, 7 Cal.4th at 3).
Here, Defendants contend Plaintiffs did not conduct themselves in a manner suggesting an actual expectation of privacy and point to Plaintiffs' own public disclosures about Mr. Davidson's condition as a reason why. Moreover, Defendants argue Plaintiffs expressly consented to the sharing and use of Mr. Davidson's medical information amongst Defendants in order to assess their appeals. The Court considers each argument in turn.
1. Plaintiffs' Consent
Defendants maintain Plaintiffs “consented to Defendants' sharing of Mr. Davidson's medical information for purposes of administering his benefit claims” and as permitted under Plaintiffs' Plan. Mot. at 15. Defendants add that because no evidence suggests they shared Mr. Davidson's medical information for any purpose other than for the administration of Plaintiffs' claims for benefits under the Plan, Plaintiffs cannot show a reasonable expectation of privacy. Id. at 16 (citing Heldt, 2019 WL 651503 at * 4-*6).
In Heldt, the court considered a similar case in which the plaintiff initiated a claim for long-term disability benefits and, in doing so, provided confidential medical information to his insurance company Guardian life Insurance Company of America (“Guardian Life”). Heldt, 2019 WL 651503 at *1. The plaintiff alleged that Guardian Life invaded his privacy by disclosing PHI to three entities which had been tasked with performing a functional vocational assessment, background check, and surveillance on plaintiff to determine his eligibility for benefits. Id. at *2. Guardian Life in turn argued that the long-term disability policy under which plaintiff sought benefits permitted the release of medical information required to assess the claims for benefits. The court found that the plaintiff had “voluntarily and clearly consented” to Guardian Life releasing his personal information for the purpose of determining his eligibility for benefits by signing authorization forms. Id. at *6. After concluding that the entities did not share the information beyond what was necessary to fulfill that purpose, the court found that the plaintiff could not demonstrate he had a reasonable expectation of privacy. Id.
Here, Plaintiffs were forced to participate in their Plan's appeals process after UHC's determination that the Plan no longer covered Mr. Davidson's care at a skilled nursing facility. The Plan's SPDs set forth an appeals process for denied claims, which authorized certain uses and sharing of identifiable health information. See generally 2015 SPD at 174-176. The appeals process, for example, provided for “review[] by an appropriate individual(s) who did not make the initial benefit determination; and a health care professional with appropriate expertise who was not consulted during the initial benefit determination process.” Id. at 175. In the case of Plaintiffs, Mr. Davidson's medical information was disclosed to representatives at UHC, HPE, and Optum in order to resolve his claims. See July 2020 C. D. Supp. Answers at 4; J.D. Supp. Answers at 4; Apr. 2020 C.D. Supp. Answers at 9-11. But Plaintiffs contend that during the appeals process, they did not consent to have HPE access their protected medical information, Defendants releasing Mr. Davidson's medical information and records to Optum, or to information being shared across the platform of UHC departments to Hewlett-Packard, Inc./HPE and their Executive team and Board of Directors. See J.D. Supp. Answers at 10-12.
Nevertheless, as participants in HPE's medical benefits Plan, Plaintiffs were aware that UHC and HPE could share Mr. Davidson's medical information within and between their organizations, and with Mr. Davidson's health care providers, for purposes of administering his claims for medical benefits. Notably, HPE's Privacy Notice, informed them that PHI could be disclosed without the participant's or beneficiary's written authorization “to determine eligibility for benefits under the Plan, . . . [or] to determine if the claim for benefits [was] covered under the Plan.” Privacy Notice at HPE's Notice of Privacy Practices at 5. Additionally, beneficiaries agreed to have HPE and UHC use their PHI to determine the payment of claims. See 2015 SPD at 194. By accepting benefits under the Plan, beneficiaries also authorized and directed any person or institution who had provided services to furnish HPE and UHC with all information or copies of records related to the services provided. Id. Finally, the SPDs gave HPE and UHC the right to release any and all records concerning health care services which were necessary to implement and administer the terms of the plan. Id.
Under these circumstance, the record suggests that Plaintiffs as participants in the HPE Plan, consented to HPE and UHC sharing information within and amongst their organizations, and with Mr. Davidson's health care providers, for purposes of administering their claims and appeals. Still, Plaintiffs object to not only the sharing of Mr. Davidson's information amongst the different entities but also to how the doctors used the information to negatively impact Mr. Davidson. Opp'n at 15-16. The exhibits they cite in support of this argument, however, do not demonstrate that Defendants were using the information to purposefully harm Mr. Davidson. See e.g., Opp'n, Exs. 4-10; Dr. Green Letter at 1-2. Instead, the letters and correspondence provide an explanation of how Defendants used Mr. Davidson's medical information to determine whether or not he was eligible for certain benefits under the Plan. Thus, Plaintiffs have offered no evidence rebutting Defendants' argument that they did not share Mr. Davidson's medical information for any purpose other than for the administration of Plaintiffs' claims for benefits under the Plan. There is no genuine dispute that, in administering Mr. Davidson's claim, his information was released and shared amongst Defendants as contemplated in the SPDs and Privacy Notice. Further, no evidence suggests Defendants shared Mr. Davidson's information beyond what was necessary to determine whether he was eligible for certain benefits under the Plan.
With regard to any use or sharing of medical information by HPE, Plaintiffs do not offer any actual or admissible evidence to show that HPE's communications and disclosures by individuals within the company, including Robin Young and Kristin Major, were not done to administer the Plan or contrary to the express terms included in the SPDs and the Privacy Notice. See generally Dep. of Robin Young (“Young Dep.”), Dkt. No. 203-11; Dep. of Kristin Major (“Major Dep.”). Additionally, any request for an additional HIPAA release, like the one Plaintiffs allege was made by Robin Young, would not have affected the consent Plaintiffs had already given as members of the Plan and by engaging in its appeals process. See 2015 SPD at 194.
Accordingly, the Court finds that the consent given by Plaintiffs precludes a finding that there was a reasonable expectation of privacy in Mr. Davidson's medical information.
2. Plaintiffs' Own Disclosures of Mr. Davidson's Medical Information
In order to have maintained a reasonable expectation of privacy, Plaintiffs must have also “conducted [themselves] in a manner consistent with an actual expectation of privacy.” Hill, 7 Cal.4th at 26; see also Ortiz v. Los Angeles Police Relief Ass'n, 98 Cal.App.4th 1288, 1306 (2002) (finding the plaintiff conducted herself consistent with an expectation of privacy when she told only one person about the private fact). As detailed above, Plaintiffs publicly disclosed information concerning Mr. Davidson's medical condition repeatedly. For example, Plaintiffs and a family member created a publicly accessible blog on which they wrote about Mr. Davidson's medical condition. See Dkt. No. 203-21 (blog entries mentioning details about Mr. Davidson's ALS condition). Plaintiffs also voluntarily shared such information with the media knowing there was a possibility that it could be shared with others. See Apr. 2020 C.D. Supp. Answers at 10; see also generally Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (holding that there is no expectation of privacy in the telephone numbers one dials and explaining that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties”). Although the Court recognizes Plaintiffs may have felt compelled to disclose this information to the public, the voluntary sharing of Mr. Davidson's information to several different individuals and platforms demonstrates Plaintiffs did not have a reasonable expectation of privacy in that information.
In sum, “[i]f the undisputed material facts show no reasonable expectation of privacy . . . the question of invasion may be adjudicated as a matter of law.” Hill, 7 Cal.4th at 40 (citations omitted); see also Pioneer Electronics (USA), Inc., 40 Cal.4th 360. Here, Plaintiffs' express actions demonstrate there is no disputed fact as to whether there was a reasonable expectation of privacy in Mr. Davidson's medical information. As such, Plaintiffs cannot succeed on their invasion of privacy claim based on Defendants' sharing and use of Mr. Davidson's medical information.
c. Sufficiently Serious Intrusions
Even if Plaintiffs were able to establish that they had a reasonable expectation of privacy, the undisputed facts show that the exchanging and use of Mr. Davidson's medical information was not sufficiently serious to constitute a violation of his privacy rights. In analyzing a claim of invasion of privacy, the Court must consider the extent and gravity of the disclosure. Hill, 7 Cal.4th at 37. “Actionable invasions of privacy must be sufficiently serious in their nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right.” Id.
Although Defendants exchanged documents and information concerning Mr. Davidson's medical condition, the record reflects that this information was only shared with the individuals necessary to process Plaintiffs' appeals and to determine the benefits Mr. Davidson was entitled to under the Plan. “If the undisputed material facts show . . . an insubstantial impact on privacy interests, the question of invasion may be adjudicated as a matter of law.” Hill, 7 Cal.4th at 40 (citations omitted). The Court finds as a matter of law that the disclosure of Mr. Davidson's medical information was not sufficiently serious to constitute an egregious breach of the social norms. The information shared by Defendants was minimal and resulted following Plaintiffs' consent.
Thus, Plaintiffs cannot establish an invasion of privacy claim based on the exchange and sharing of Mr. Davidson's medical information between Defendants.
ii. Allegations of Hacking and Intrusions
Alternatively, Plaintiffs premise their constitutional claim for invasion of privacy on Defendants' alleged intrusions, or hacking, into their computer devices. The Court finds, however, that Plaintiffs have failed to support any of the required elements for their claim with record evidence suggesting intrusions occurred or that Defendants are responsible for the alleged intrusions. Indeed, Plaintiffs made clear that “they cannot affirmatively state that it was Defendants or their agents who authorized intrusions” into their electronic devices or electronic data nor can they “specifically identify whether named Defendants engaged in surveillance activities.” Apr. 2020 C.D. Supp. Answers at 5-6; J.D. Supp. Answers at 5. Still, Plaintiffs assert Defendants must be responsible for the intrusions because the alleged computer events they experienced coincided with “key decision points in [this] litigation” and with the “court calendar, filing dates, phone calls from Defendants' attorney, [and] during depositions . . . .” Opp'n at 14; see also J.D. Supp. Answers at 5. But while these facts are concerning, it is pure speculation to infer from them that Defendants are responsible for the alleged intrusions.
The Court cannot find a factual dispute on mere speculation. See Loomis v. Cornish, 836 F.3d 991, 997 (9th Cir. 2016) (“[m]ere allegation and speculation do not create a factual dispute for purposes of summary judgment.”); Cafasso, U.S. ex. rel. v. Gen. Dynamics C4 Sys., Inc., 637 F.3d 1047, 1061 (9th Cir. 2011) (“To survive summary judgment, a plaintiff must set forth non-speculative evidence of specific facts, not sweeping conclusory allegations.”) Further, what evidence there is in the record strongly supports the inference that Defendants played no role in any potential intrusions or hacking of Plaintiffs' electronic devices. Plaintiffs' own computer forensic analyst stated there was no evidence any of the Defendants were responsible for the issues reported by Plaintiffs. See Richmond Dep. at 93:14-94:1. Moreover, the analyst offered alternative explanations for the alleged intrusions experienced by Plaintiffs that do not involve Defendants-namely that outdated drivers and/or user error may have contributed to the issues experienced. See id. at 40:7-11, 117:25-118:, 141: 2-19.
In the face of this evidence, Plaintiffs' speculative allegations are insufficient to avoid summary judgment on their constitutional invasion of privacy claim premised on electronic intrusions.
B. Invasion of Privacy Under California Common Law
i. The Sharing and Use of Mr. Davidson's Medical Information
Plaintiffs' claim for common law invasion of privacy must meet similarly high standards for the type of invasion that is actionable. Under a claim for common law invasion of privacy based on allegations involving a public disclosure of private facts, Plaintiff must allege: “(1) public disclosure (2) of a private fact (3) which would be offensive and objectionable to the reasonable person and (4) which is not of legitimate public concern.” Shulman v. Grp. W Prods., Inc., 18 Cal.4th 200, 214 (1998). The absence of any one of these elements is a complete bar to liability. Id. at 214-15. Plaintiffs' common law invasion of privacy claim is similarly premised on the belief that Defendants' exchange and use of Mr. Davidson's medical information and the alleged electronic intrusions interfered with their right to privacy.
Here, Plaintiffs' claim fails because the undisputed record reflects that Defendants did not publicly disclose any information, let alone any private facts, regarding Mr. Davidson's medical information. Rather, disclosures were limited to individuals within HPE, UHC, Optum, and Mr. Davidson's treating physicians or their representatives as dictated by the Plan's SPDs and Privacy Notice. See J.D. Supp. Answers at 2-4. Given their confined nature, the disclosures were not, as a matter of law, a communication serving as a public disclosure. See Benson v. Life Inc. Co. of N. Am., 725 Fed.Appx. 579 (9th Cir. 2018) (affirming dismissal of a claim for public disclosure of private facts because “alleged disclosure was not ‘widely published' but rather was ‘confined to a few persons or limited circumstances'”) (citation omitted).
Furthermore, Plaintiffs cannot show as a matter of law, that Mr. Davidson's medical information was “private.” “A matter that is already public or that previously became part of the public domain is not private.” Moreno v. Hanford Sentinel, Inc., 172 Cal.App.4th 1125, 1130 (2009) (citing Sipple v. Chron. Publ'g Co., 154 Cal.App.3d 1040, 1047 (1984)). Plaintiffs do not dispute that they disclosed detailed information about Mr. Davidson's medical condition and his treatment on a publicly available blog. See Public Blog, Dkt. No. 203-21. They also do not dispute discussing Mr. Davidson's medical condition with members of the media and public. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the information shared and published by Plaintiffs.
ii. Allegations of Hacking and Intrusions
The Court also finds that Plaintiffs cannot prove their common law invasion of privacy claim through allegations of intrusions or hacking. As outlined in the Court's discussion of Plaintiffs' invasion of privacy claim under the California Constitution, there is no record evidence that Defendants intruded or hacked Plaintiffs' electronic devises. Plaintiffs' mere speculation is not sufficient to show a genuine issue of material fact. Cafasso, U.S. ex rel, 637 F.3d at 1061.
Thus, Plaintiffs are unable to defeat summary judgment as they cannot establish an invasion of privacy claim under California common law.
V. CONCLUSION
For the foregoing reasons, Defendants' Motion for Summary Judgment is GRANTED and Plaintiffs' invasion of privacy claim under both the California Constitution and California common law is DISMISSED with prejudice. The Clerk of the Court shall close the file and a judgment in favor of Defendants shall follow.
IT IS SO ORDERED.