The Northern District of California denied Defendant Therapymatch’s motion to dismiss the third amended complaint. The ruling addresses claims under California’s Confidentiality of Medical Information Act (CMIA) and the California Consumer Privacy Act (CCPA).
Key Allegations
Plaintiff claims the online platform collected and shared detailed medical and personal information—including symptoms, mental health conditions, and therapy preferences—without proper authorization. The complaint further alleges that this information was accessed by third parties, specifically Google, for purposes such as advertising and analytics.
Ultimately, the court accepted the plaintiff’s factual allegations as true for purposes of the motion and determined they were sufficiently specific.
CMIA Claims: Substantive Medical Information and Improper Access
The court found that the plaintiff sufficiently alleged the disclosure of “substantive” medical information as defined by the CMIA. This included not only demographic data, but also specific details about the plaintiff’s mental health symptoms, reasons for seeking therapy, and preferences for treatment. The court noted that such information, when combined with personally identifiable details, meets the statutory definition of “medical information.”
The court also determined that plaintiff adequately alleged improper access by Google. The complaint described how Google purportedly viewed and used the information for its own business purposes, such as targeted advertising and analytics. The court cited recent case law supporting the view that such alleged access by third parties can constitute a violation of the CMIA.
The TAC alleges that Google accessed M.G.’s information and that of the putative class members, then “used [it] for its own purposes, including improving Google’s advertising and analytics services offerings and revenue,” TAC ¶ 123, by “measur[ing] the effectiveness of advertising and personaliz[ing] content and ads that one sees on Google’s and its partners’ sites and applications,” TAC ¶ 31; see also TAC ¶¶ 15, 42. Accepting M.G.’s allegations as true and viewing them in the light most favorable to him, the Court finds M.G. has alleged that Google “viewed or otherwise accessed” his information in violation of CMIA. Stasi, 501 F. Supp. 3d at 922; see also R.C., 2025 WL 948060, at *5 (finding plaintiffs sufficiently alleged unlawful viewing where they alleged Google collected information and used it for its marketing and analytics services); Cousin v. Sharp Healthcare, 702 F. Supp. 3d 967, 975 (S.D. Cal. 2023) (denying motion to dismiss CMIA claim and finding it was “sufficiently plausible” that plaintiffs’ information was “viewed or otherwise accessed” as defined by the CMIA where plaintiffs alleged upon information and belief that “Meta regularly viewed” the information and that Meta’s business model involves using the information for targeted advertising).
CCPA Claims: No Re-Litigation of Previously Decided Issues
The defendant also sought to dismiss the plaintiff’s CCPA claim. However, the court had already denied a previous motion to dismiss this claim and held that the defendant could not re-argue issues that had already been decided. The court declined to exercise discretion to revisit the matter, reinforcing the finality of its earlier ruling.
M.G., Plaintiff, v. THERAPYMATCH, INC., Defendant., No. 23-CV-04422-AMO, 2025 WL 1447432 (N.D. Cal. May 19, 2025).
