Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Sunil Gupta, M.D., LLC v. Franklin

United States District Court, S.D. Alabama, Southern Division

November 9, 2017

SUNIL GUPTA, M.D., LLC, d/b/a RETINA SPECIALITY INSTITUTE Plaintiff,
v.
ALAN FRANKLIN, TRACY WILSON, and MONICA PAYTON Defendants.

          MEMORANDUM OPINION AND ORDER

          KATHERINE P. NELSON UNITED STATES MAGISTRATE JUDGE

         On July 21, 2017, Plaintiff Sunil Gupta, M.D. LLC d/b/a Retina Specialty Institute (herein after “Plaintiff” or “RSI”) filed a two count complaint against Defendants Dr. Alan Franklin, Tracy Wilson, and Monica Payton (herein after referred to by their last names or as “Defendants”). (Doc. 1). According to the Complaint, this Court has jurisdiction over this matter pursuant to 28 U.S.C. § 1331, as Count One asserts a claim arising under the laws of the United States. The Court has supplemental jurisdiction over Count Two, a state law claim, pursuant to 28 U.S.C. §1367(a). The Complaint also states that this Court has diversity jurisdiction pursuant to 28 U.S.C. § 1332 as the amount in controversy exceeds $75, 000 and the parties are citizens of different states.

         With the consent of the parties, the Court has designated the undersigned Magistrate Judge to conduct all proceedings and order the entry of judgment in this civil action, in accordance with 28 U.S.C. § 636(c), Federal Rule of Civil Procedure 73, and S.D. Ala. GenLR 73. (See Docs. 27-28).

         Pursuant to Federal Rule of Civil Procedure 12(b)(6), Franklin filed a motion to dismiss both counts. (Doc. 12). Pro se Defendants Wilson and Payton have adopted Defendant Franklin's motion. (Docs. 13-14). Plaintiff and Defendants filed a timely response and reply. (Doc. 18-19). Upon consideration, and for the reasons discussed herein, the motions to dismiss (Docs. 12, 13, and 14) are DENIED.

         BACKGROUND

         RSI is a Delaware limited liability corporation, formed by Sunil Gupta, M.D. Its principal place of business is in Escambia County, Florida. (Doc. 1 at 2). The membership of RSI is comprised of three physicians who are Florida citizens. (Doc. 1 at 2-3). RSI also employs a number of other physicians (ophthalmologists) specializing in the treatment of retina disease and injury. (Id.).

         Defendant Franklin, is a physician, former employee, former member, former and manager of RSI. (Doc. 1 at 3, ¶ 12). Defendants Wilson and Payton, both ophthalmic technicians, were formerly employed by RSI. (Id. at ¶¶ 13-14). All Defendants were employed at RSI's Mobile, Alabama location. (Doc. 1 at 3).

         In February 2017, following an interview process and other preparations, Franklin accepted employment with Mobile Infirmary Medical Center, Diagnostic and Medical Clinic (“DMC”). In early March 2017, Wilson and Payton applied for employment with DMC. According to the Complaint, before resigning from employment with RSI, “…Franklin instructed Wilson and Payton to download confidential RSI patient data from RSI's practice management system on a portable hard drive provided by Franklin.” (Doc. 1 at 4, ¶19). Per the Complaint:

Wilson and Payton used an RSI computer to log into RSI's practice management system, which required a password and/or login credentials, and download confidential RSI patient data and other confidential RSI data. The confidential RSI patient information included patient names, addresses, phone numbers, medical notes, insurance information, and appointment schedules for tens of thousands of RSI patients….Franklin also downloaded, with the assistance of Payton and Wilson, retinal scans of a number of RSI patients from RSI's network onto a portable hard drive supplied by Franklin….On the same day that Franklin, Wilson, and Payton downloaded the confidential RSI patient data from RSI's practice management system, they provided the information to DMC so DMC would have contact information to use in communicating with patients after Dr. Franklin moved to DMC.

(Doc. 1 at 4-5, ¶¶ 20-21). The Complaint alleges that there were RSI policies prohibiting such access and use, and that the Defendants knew about these policies. (Doc. 1 at 5, ¶¶ 22-23).

         Plaintiff alleges that Defendants' conduct amounts to violations of the Computer Fraud and Abuse Act, codified at 18 U.S.C. § 1030 (Count One) and the Alabama Digital Crime Act, codified at Ala. Code §13A-8-112 (Count Two).

         STANDARD OF REVIEW

         When considering a Rule 12(b)(6) motion to dismiss, the Court must accept as true the allegations set forth in the complaint drawing all reasonable inferences in the light most favorable to the plaintiff. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555-56 (2007). Even so, a complaint offering mere “labels and conclusions” or “a formulaic recitation of the elements of a cause of action” is insufficient. Ashcroft v. Iqbal, 556 U.S 662, 678 (2009) (quoting Twombly, 550 U.S. at 555); accord Fin. Sec. Assurance. Inc. v. Stephens, Inc., 500 F.3d 1276, 1282-83 (11th Cir. 2007). Further, the complaint must “contain sufficient factual matter, accepted as true, ‘to state a claim to relief that is plausible on its face.” ‘ Iqbal, 556 U.S. at 678 (citing Twombly, 550 U.S. at 570). Put another way, a plaintiff must plead “factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. This so-called “plausibility standard” is not akin to a probability requirement; rather, the plaintiff must allege sufficient facts such that it is reasonable to expect that discovery will lead to evidence supporting the claim. Id.

         ANALYSIS

         I. Computer Fraud and Abuse Act (Count One)

         Count One alleges that all Defendants have violated the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. §§ 1030 et seq., as follows:

28. Defendants intentionally accessed and downloaded confidential RSI patient information from RSI's practice management system using RSI computers without authorization.
29. Defendants acted in concert with DMC to use the information for an improper purpose and in violation of RSI policies and procedures and applicable state and federal laws, including HIPAA
30. RSI's computer network and practice management system that were wrongfully accessed by Defendants are used in interstate commerce.
31. Defendants' unlawful actions have caused RSI to suffer loss and damages, including without limitation costs of responding to Defendants' conduct, conducting a damage assessment, and other costs. RSI's losses resulting from Defendants' conduct exceed $5, 000.00.

(Doc. 1, Complaint at 6). The Complaint also contains allegations that the Defendants were aware of RSI's policies prohibiting RSI employees from downloading patient information for personal use or for use by anyone other than a RSI employee. (Doc. 1 at 5, ¶22-23). The policy prohibited RSI employees from downloading patient information without express approval from practice management. (Id.).

         The CFAA defines seven categories of conduct that can give rise to civil or criminal liability. Those seven categories of conduct are contained within § 1030(a)(1)-(7). Construing the allegations liberally, as detailed in its Complaint and response brief it appears Plaintiff is asserting that Defendants accessed a protected computer in excess of their authority to do so, with resulting damage and/or loss. (Docs. 1 and 18 at 4-5). Thus, the Court assumes Plaintiff is alleging that Defendants violated subsections (a)(2)(C), (a)(4), (a)(5) and/or (a)(6) of 18 U.S.C. § 1030, which provide in relevant part that civil liability may be imposed upon whoever:

(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains- …
(C) information from any protected computer
-or-
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.