United States District Court, D. Massachusetts
MEMORANDUM & ORDER
Nathaniel M. Gorton United States District Judge
This case arises from allegations that defendants intentionally accessed a protected computer database in order to obtain information about plaintiff’s patients and to accuse plaintiff falsely of Medicaid fraud.
Pending before the Court are defendants’ motion to dismiss the complaint and plaintiff’s motion for sanctions. For the reasons that follow, defendants’ motion to dismiss will be allowed and plaintiff’s motion for sanctions will be denied.
The Court accepts as true the following allegations by plaintiff Bharanidharan Padmanabhan (“plaintiff” or “Padmanabhan”) for the purpose of resolving the motion to dismiss.
Plaintiff is a doctor and neurologist who lives and works in Massachusetts and has chosen to represent himself pro se. Plaintiff filed a criminal complaint against the former Director of the Massachusetts Office of Medicaid in March, 2013 and a second criminal complaint against defendant James Paikos (“Paikos”) in January, 2015 for aiding and abetting Medicaid fraud. The Massachusetts Attorney General apparently declined even to investigate those allegations.
In September, 2015, plaintiff filed a complaint against the following defendants: 1) Maura Healey (“Healey”), the Attorney General of the Commonwealth of Massachusetts, 2) Steven Hoffman (“Hoffman”), the Deputy Chief of the Medicaid Fraud Division at the Office of the Attorney General, 3) Chris Cecchini (“Cecchini”), an investigator at the Office of the Attorney General, 4) Adele Audet (“Audet”), the Assistant Director of the Drug Control Program at the Massachusetts Department of Public Health who oversees the Prescription Monitoring Program computer database (“the PMP database”), 5) Paikos, an investigator for the Massachusetts Executive Office of Health and Human Services (“the Massachusetts HHS”), 6) Loretta Kish Cooke (“Cooke”), an investigator who works alongside Paikos at the Massachusetts HHS, 7) Jane Doe, an unidentified female agent of the Office of the Attorney General or the Massachusetts State Police and 8) other unidentified defendants.
The complaint asserts that 1) defendants unlawfully accessed the protected PMP database in April, 2015 to obtain a list of 16 patients who were treated by plaintiff and who received Medicaid benefits, 2) Healey falsely and maliciously accused him of violating the Social Security Act and committing Medicaid fraud, 3) Healey improperly sought access to the unredacted medical records of the 16 patients and 4) Healey sent Cecchini and Jane Doe to his house to arrest him and to seize his computer and medical records under the pretext of legitimate investigative activity. Those actions allegedly violated a) the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, et seq., b) the Stored Communications Act (“SCA”), 18 U.S.C. § 2701, c) the equitable “Clean Hands Doctrine” and d) unidentified statutes concerning civil conspiracy.
II. Defendants’ motion to dismiss
A. Legal standard
To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face.
Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). Exhibits attached to the complaint are properly considered “part of the pleading for all purposes.” Fed.R.Civ.P. 10(c). In considering the merits of a motion to dismiss, the Court must accept all factual allegations in the complaint as true and draw all reasonable inferences in the plaintiff's favor.
Santiago v. Puerto Rico, 655 F.3d 61, 72 (1st Cir. 2011). Threadbare recitals of the legal elements, supported by mere conclusory statements, do not suffice to state a cause of action.
Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). A complaint does not state a claim for relief where the well-pled facts fail to warrant an inference of any more than the mere possibility of misconduct. Id. at 679.
1. The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act prohibits an individual from 1) intentionally accessing a computer without authorization or exceeding authorized access and thereby 2) obtaining information from any federal department, federal agency or protected computer. 18 U.S.C. § 1030(a)(2).
A “protected computer” is a computer that 1) is exclusively used by the federal government, 2) is used by or for the federal government and the conduct constituting the offense affects that use by or for the federal government or 3) is used in or affects interstate or foreign commerce or communication of the United States. § 1030(e)(2). The statute defines “exceed[ing] authorized access” as accessing a computer with authorization and using that access to obtain or alter information without authorization. § 1030(e)(6).
The CFAA provides a private right of action to any person who suffers “damage or loss by reason of a violation” of the CFAA. § 1030(g). The statute defines “damage” as any “impairment to the integrity or availability of data, ...