The California Supreme Court held yesterday that a statute providing a cause of action for disclosures of confidential medical records only requires a showing that a leak exposed a user’s information to “a significant risk of unauthorized access,” disapproving a line of cases saying that a plaintiff must prove that the information was “actually viewed.”