Padmanabhan v. Healey

*222MEMORANDUM & ORDER

GORTON, United States District Judge

This case arises from allegations that defendants intentionally accessed a protected computer database in order to obtain information about plaintiffs patients and to accuse plaintiff falsely of Medicaid fraud.

Pending before the Court are defendants’ motion to dismiss the complaint and plaintiffs motion for sanctions. For the reasons that follow, defendants’ motion to dismiss will be allowed and plaintiffs motion for sanctions will be denied.

I. Background

The Court accepts as true the following allegations by plaintiff Bharanidharan Padmanabhan (“plaintiff’ or “Padmana-bhan”) for the purpose of resolving the motion to dismiss.

Plaintiff is a doctor and neurologist who lives and works in Massachusetts and has chosen to represent himself pro se. Plaintiff filed a criminal complaint against the former Director of the Massachusetts Office of Medicaid in March, 2013 and a second criminal complaint against defendant James Paikos (“Paikos”) in January, 2015 for aiding and abetting Medicaid fraud. The Massachusetts Attorney General apparently declined even to investigate those allegations.

In September, 2015, plaintiff filed a complaint against the following defendants: 1) Maura Healey (“Healey”), the Attorney General of the Commonwealth of Massachusetts, 2) Steven Hoffman (“Hoffman”), the Deputy Chief of the Medicaid Fraud Division at the Office of the Attorney General, 3) Chris Cecchini (“Cecchini”), an investigator at the Office of the Attorney General, 4) Adele Audet (“Audet”), the Assistant Director of the Drug Control Program at the Massachusetts Department of Public Health who oversees the Prescription Monitoring Program computer database (“the PMP database”), 5) Pai-kos, an investigator for the Massachusetts Executive Office of Health and Human Services (“the Massachusetts HHS”), 6) Loretta Kish Cooke (“Cooke”), an investigator who works alongside Paikos at the Massachusetts HHS, 7) Jane Doe, an unidentified female agent of the Office of the Attorney General or the Massachusetts State Police and 8) other unidentified defendants.

The complaint asserts that 1) defendants unlawfully accessed the protected PMP database in April, 2015 to obtain a list of 16 patients who were treated by plaintiff and who received Medicaid benefits, 2) Healey falsely and maliciously accused him of violating the Social Security Act and committing Medicaid fraud, 3) Healey improperly sought access to the unredacted medical records of the 16 patients and 4) Healey sent Cecchini and Jane Doe to his house to arrest him and to seize his computer and medical records under the pretext of legitimate investigative activity. Those actions allegedly violated a) the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 et seq., b) the Stored Communications Act (“SCA”), 18 U.S.C. § 2701, c) the equitable “Clean Hands Doctrine” and d) unidentified statutes concerning civil conspiracy.

II. Defendants’ motion to dismiss

A. Legal standard

To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). Exhibits attached to the complaint are properly considered “part of the pleading for all *223purposes.” Fed. R. Civ. P. 10(c). In considering the merits of a motion to dismiss, the Court must accept all factual allegations in the complaint as true and draw all reasonable inferences in the plaintiffs favor. Santiago v. Puerto Rico, 655 F.3d 61, 72 (1st Cir.2011). Threadbare recitals of the legal elements, supported by mere conclusory statements, do not suffice to state a cause of action. Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009). A complaint does not state a claim for relief where the well-pled facts fail to warrant an inference of any more than the mere possibility of misconduct. Id. at 679, 129 S.Ct. 1937.

B. Application

1. The Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act prohibits an individual from 1) intentionally accessing a computer without authorization or exceeding authorized access and thereby 2) obtaining information from any federal department, federal agency or protected computer. 18 U.S.C. § 1030(a)(2).

A “protected computer” is a computer that 1) is exclusively used by the federal government, 2) is used by or for the federal government and the conduct constituting the offense affects that use by or for the federal government or 3) is used in or affects interstate or foreign commerce or communication of the United States. § 1030(e)(2). The statute defines “exceeding] authorized access” as accessing a computer with authorization and using that access to obtain or alter information without authorization. § 1030(e)(6).

The CFAA provides a private right of action to any person who suffers “damage or loss by reason of a violation” of the CFAA. § 1030(g). The statute defines “damage” as any “impairment to the integrity or availability of data, a program, a system, or information” and “loss” as

any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service ....

§§ 1030(e)(8), (11).

Here, Count 1 asserts that defendants' unlawfully accessed the protected computers hosting the PMP database 1) in violation of 105 CMR 700.012 because the access occurred during a Medicaid fraud investigation, not a drug-related investigation, and with insufficient cause, given that plaintiff has never “billed the Government” for treating Medicaid patients and 2) for the criminal or tortious purpose of “aiding and abetting Medicare Fraud and tampering with a witness who reported it.” Padmanabhan proclaims that those actions violated § 1030 and caused him financial and professional losses comprising 1) “direct costs owing to having to respond to this violation” such as consulting with affected patients, seeking legal advice and initiating this action and 2) harm to his professional reputation and ability to practice medicine.

Defendants move for dismissal for failure to state a claim under § 1030. They dispute that the computers hosting the PMP database are “protected computers” and contend that plaintiff failed to specify which, if any, of the defendants accessed the PMP database with the requisite intent. They argue that, even if one or more of them did access the database, their conduct was specifically authorized by the Office of the Attorney General and is thus expressly exempt from § 1030 as lawfully authorized investigative activity. Defendants further proclaim that plaintiff suf*224fered no cognizable damage or loss under the statute because his purported injuries were not

directly related to the costs incurred by an owner of a computer associated with repairing or restoring the computer, a loss of access to or use of the computer, or uncovering the extent of unauthorized access to the computer.

The Court agrees with defendants that the patient consulting costs, legal fees and professional injuries claimed by plaintiff do not qualify as losses under the statute. Although the First Circuit Court of Appeals has held that the CFAA does not restrict “loss” under the statute to purely physical damage, EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 584 (1st Cir.2001), nothing in the statute suggests that the alleged loss or costs can be for matters unrelated to the computer, Shirokov v. Dunlap, Grubb & Weaver, PLLC, 2012 WL 1065578, at *24 (D.Mass. Mar. 27, 2012). Plaintiff does not claim, for example, that defendants’ alleged actions 1) affected or impaired his ability to use the computers hosting the PMP database, 2) required him to engage in computer investigation or repair or 3) forced him to incur costs due to an inoperative computer system. See Shirokov, 2012 WL 1065578, at *24. Nor do his legal fees constitute loss under the statute because they are not directly attributable to the alleged access to the PMP database. See id.

Accordingly, the complaint does not assert a qualifying loss within the meaning of § 1030 of the CFAA. The Court will allow defendants’ motion to dismiss Count 1 for failure to state a claim.

2. The Stored Communications Act

The Stored Communications Act prohibits an individual from 1) intentionally accessing a facility that provides an electronic communication service without authorization or exceeding an authorization to access that facility and thereby 2) obtaining, altering or preventing authorized access to an electronic communication while it is in electronic storage in such a system. 18 U.S.C. § 2701(a). The SCA defines “electronic communication” by reference to 18 U.S.C. § 2510 which, in turn, defines it as

any transfer of signs, signals, writings, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce ....

18 U.S.C. § 2711(1) (referring to § 2510(12)). The term “electronic storage” means

any temporary, intermediate storage of ... [an] electronic communication incidental to the electronic transmission thereof; and [ ] any storage of such communication by an electronic communication service for purposes of backup protection of such communieation[.]

18 U.S.C. § 2711(1) (referring to § 2510(17)).

The SCA provides a private right of action to any “person aggrieved” by conduct that violates the SCA and that was performed with a knowing or intentional state of mind. 18 U.S.C. § 2707(a). An “aggrieved person” is a person who was a party to an intercepted electronic communication or against whom the interception was directed. 18 U.S.C. § 2711(1) (referring to § 2510(11)).

In our case, plaintiff alleges in Count 2 that defendants unlawfully accessed the computer system which hosts the PMP database without authorization or, alternatively, in excess of any authorization, and thereby accessed patient information stored in the database. Plaintiff reiterates that defendants lacked or exceeded any *225authorization because 1) their access was in violation of 105 CMR 700.012 and 2) they acted pursuant to a criminal or tor-tious purpose.

Defendants respond that plaintiff fails to state a claim under the SCA because 1) the patient information in the PMP database is not “electronic information in electronic storage” and is therefore unprotected by the statute and 2) he is not a “person aggrieved” because he has no ownership, privacy or confidentiality right in that information.

The Court agrees with defendants that plaintiff fails to allege that the purportedly accessed information is protected by the SCA. That is because plaintiff neither claims that the patient information is an electronic communication within the meaning of § 2510(12) nor asserts that the PMP database is stored at a facility that provides an electronic communication service.

Accordingly, the complaint does not state a claim under § 2701 of the SCA and defendants’ motion to dismiss Count 2 will be allowed.

3. Equitable relief

Count 3 of the complaint seeks various forms of equitable relief to remedy the alleged constitutional, statutory and regulatory violations by defendants. Specifically, plaintiff alleges violations of the Fourth Amendment, the CFAA, the SCA, 18 U.S.C. § 4, other unidentified federal laws, 105 CMR 700.012 and the equitable doctrine of “unclean hands.” He also claims that defendant Healey’s “demand” for access to the patient records was “a deliberate malicious end run around the precedent set by” the Massachusetts Supreme Judicial Court (“the SJC”) in Commonwealth v. Kobrin, 395 Mass. 284, 479 N.E.2d 674 (1985).

The Court will dismiss Count 3 for failure to state a claim. Plaintiff has not properly asserted a claim for relief under the CFAA or the SCA. The “unclean hands” doctrine is inapplicable because it provides an affirmative defense by which a defendant may preclude a plaintiff from equitable relief due to the plaintiffs own engagement in relevant misconduct. Vaqueria Tres Monjitas, Inc, v. Irizarry, 587 F.3d 464, 480 (1st Cir.2009). The SJC decision in Kobrin addresses the scope of the psychotherapist-patient privilege under M.G.L. c. 233, § 20B, an issue that is not presented by the facts of this case. See Kobrin, 395 Mass. at 284-85, 479 N.E.2d 674.

Conclusory allegations that defendants falsely accused plaintiff of Medicaid fraud, seized his medical records despite a “total absence of real evidence” and engaged in witness intimidation and tampering do not, in the absence of supporting factual assertions, state a valid claim under the Fourth Amendment. General and vague statements that the alleged conduct violated 18 U.S.C. § 4 and other unidentified federal statutes also do not suffice to set forth a plausible claim for relief.

Furthermore, 105 CMR 700.012 is a regulation that implements M.G.L. c. 94C, § 24A, a statute that is enforced by the Massachusetts Department of Public Health. § 24A (authorizing the department to promulgate regulations); M.G.L. c. 94C, § 49 (authorizing the department to enforce § 24A in accordance with the rules and regulations that it promulgates); 105 CMR 700.000 (identifying § 24A as a source of regulatory authority). That regulation does not provide plaintiff with a private cause of action.

Accordingly, defendants’ motion to dismiss Count 3 for failure to state a claim will be allowed.

*2264. Civil conspiracy

Count 4 alleges that defendants conspired together to access protected patient information “simply because they were Plaintiffs patients” and in intentional violation of 105 CMR 700.012 and the CFAA.

Conclusory statements that defendants deliberately committed regulatory and statutory violations and accessed information under the pretext of legitimate investigative activity do not, by themselves, set forth a plausible claim for relief. Accordingly, the Court will allow defendants’ motion to dismiss Count 4 for failure to state a claim.

III. Plaintiffs motion for sanctions

Local Rule 7.1(a)(2) provides that:

No motion shall be filed unless counsel certify that they have conferred and have attempted in good faith to resolve or narrow the issue.

LR 7.1(a)(2). Plaintiff moves for sanctions against defendants and defense counsel for purportedly failing to confer with him in good faith before filing their motion to dismiss.

A district court, however, possesses “great leeway in the application and enforcement of its local rules.” Gauthier v. United States, 2011 WL 3902770, at *11 (D.Mass. Sept. 2, 2011)(citing United States v. Roberts, 978 F.2d 17, 20 (1st Cir.1992)). ' Sanctions’ are unwarranted where conferral between the parties likely would not have resolved or narrowed the issues and plaintiff, in any event, would have opposed the motion. See Laporte v. Lab. Corp. of Am. Holdings, 2014 WL 2818591, at *7 (D.Mass. June 20, 2014).

Here, the Court finds defendants’ explanation for their lack of conferral reasonable in light of plaintiffs reluctance to communicate with their lead counsel and his opposition to the motion to dismiss in its entirety. Accordingly, the Court will deny plaintiffs second motion for sanctions.

ORDER

For the foregoing reasons, defendants’ motion to dismiss (Docket No. 23) is ALLOWED and plaintiffs motion for sanctions (Docket No. 35) is DENIED.

Furthermore, the Court forewarns plaintiff, once again, that he will be subject to the imposition of sanctions himself if he continues to make gratuitous, inflammatory and groundless charges against defendants and their counsel.

So ordered.