Stanford Hospital Privacy Breach Puts Data Online - News - @ JEMS.com


Stanford Hospital Privacy Breach Puts Data Online

The breach led to the posting online of medical information for thousands of patients


 
 

| Friday, September 9, 2011


PALO ALTO, Calif. (AP) — Stanford Hospital in California is blaming a subcontractor used by an outside vendor for a privacy breach that led to the posting online of medical information for thousands of emergency room patients.

The breach was first reported Friday by the New York Times (http://nyti.ms/p84zWa ). The data of 20,000 patients, including names and diagnosis codes, remained on a commercial website for nearly a year until it was discovered last month and taken down, according to the newspaper.

In a statement, Stanford Hospital said the file that contained the patient information and was posted to the site was created by a subcontractor employed by one of its vendors, Multi Specialties Collection Services.

The hospital did not name the subcontractor, but it said Multi Specialties Collection Services is investigating how the company caused patient information to be posted to the website. Stanford said that in the meantime, it has suspended working with Multi Specialties Collection Services.

"This incident was not caused by the hospital, and responsibility has been assumed by a contractor working with the vendor," the hospital said in its statement.

Breaches of medical data are common though most typically involve lost or stolen computers or storage devices.

Roughly one-fifth of the publicly disclosed breaches in the last seven years have involved health care providers, according to a database kept by the Privacy Rights Clearinghouse.

The digitization of medical data is creating new problems, as the information travels more easily among the dozens of contractors that are typically authorized to handle a person's medical records and is more easily lost or accidentally posted online.

Last month, The Associated Press reported on a California firm that posted the medical files of nearly 300,000 workers' compensation patients on a website that the firm mistakenly believed only its employees could see.

In the Stanford case, the data ended up on a homework-help website called Student of Fortune, according to the New York Times.

Someone needing help converting data into a bar graph posted a spreadsheet along with the sensitive information, Gary Migdol, a spokesman for the hospital, told the Times. The spreadsheet first appeared there a year ago Friday, Migdol said.

The privacy breach did not involve any hacking, and data weren't on Stanford's or the collection agency's website, but on Student of Fortune's.

The information also contained medical record numbers, hospital account numbers, emergency room admission and discharge dates and billing charges, according to the hospital. It did not contain credit card or Social Security numbers, information commonly associated with identity theft.

The affected patients were seen by the hospital's emergency department between March 1, 2009, and Aug. 31, 2009.

"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft," the hospital said in its statement.

Migdol told the Times that he expected the federal Department of Health and Human Services to conduct its own investigation. Susan McAndrew, a deputy director in the department's Office for Civil Rights, said she could not discuss whether an investigation was in progress.



Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Connect: Have a thought or feedback about this? Add your comment now
Related Topics: News, data privacy, patient privacy, Stanford Hospital

What's Your Take? Comment Now ...

Buyer's Guide Featured Companies

Featured Careers & Jobs in EMS

Get JEMS in Your Inbox

 

Fire EMS Blogs


Blogger Browser

Today's Featured Posts

 

EMS Airway Clinic

Improving Survival from Cardiac Arrest Using ACD-CPR + ITD

Using active compression-decompression CPR with an ITD has been shown to improve 1-year survival from cardiac arrest by 33%.
More >

Multimedia Thumb

Philadelphia Fire Department Apologizes for Medic’s Jab at Police

Union head calls photos a slap in the face of officers.
Watch It >


Multimedia Thumb

D.C. Fire and EMS Crews Blame New Technology for Patient’s Death

Delayed response blamed on recurring dispatch problems.
Watch It >


Multimedia Thumb

Suspect Steals, Crashes Maryland Ambulance

One killed, others injured in Prince George’s County crash.
Watch It >


Multimedia Thumb

Truck Strikes Pedestrians in Scotland

Six killed in downtown Glasgow.
More >


Multimedia Thumb

Tennessee Trench Rescue

Worker pulled from Roane County worksite.
More >


Multimedia Thumb

Time’s Ebola Firefighters

Doctors, nurses and others saluted for fighting virus.
More >


Multimedia Thumb

The AmbuBus®, Bus Stretcher Conversion Kit - EMS Today 2013

AmbuBus®, Bus Stretcher all-hazards preparedness & response tool
Watch It >


Multimedia Thumb

LMA MAD Nasal™

Needle-free intranasal drug delivery.
Watch It >


Multimedia Thumb

VividTrac offered by Vivid Medical - EMS Today 2013

VividTrac, affordable high performance video intubation device.
Watch It >


More Product Videos >