Stanford Hospital Privacy Breach Puts Data Online

The breach led to the posting online of medical information for thousands of patients


 
 

| Friday, September 9, 2011


PALO ALTO, Calif. (AP) — Stanford Hospital in California is blaming a subcontractor used by an outside vendor for a privacy breach that led to the posting online of medical information for thousands of emergency room patients.

The breach was first reported Friday by the New York Times (http://nyti.ms/p84zWa ). The data of 20,000 patients, including names and diagnosis codes, remained on a commercial website for nearly a year until it was discovered last month and taken down, according to the newspaper.

In a statement, Stanford Hospital said the file that contained the patient information and was posted to the site was created by a subcontractor employed by one of its vendors, Multi Specialties Collection Services.

The hospital did not name the subcontractor, but it said Multi Specialties Collection Services is investigating how the company caused patient information to be posted to the website. Stanford said that in the meantime, it has suspended working with Multi Specialties Collection Services.

"This incident was not caused by the hospital, and responsibility has been assumed by a contractor working with the vendor," the hospital said in its statement.

Breaches of medical data are common though most typically involve lost or stolen computers or storage devices.

Roughly one-fifth of the publicly disclosed breaches in the last seven years have involved health care providers, according to a database kept by the Privacy Rights Clearinghouse.

The digitization of medical data is creating new problems, as the information travels more easily among the dozens of contractors that are typically authorized to handle a person's medical records and is more easily lost or accidentally posted online.

Last month, The Associated Press reported on a California firm that posted the medical files of nearly 300,000 workers' compensation patients on a website that the firm mistakenly believed only its employees could see.

In the Stanford case, the data ended up on a homework-help website called Student of Fortune, according to the New York Times.

Someone needing help converting data into a bar graph posted a spreadsheet along with the sensitive information, Gary Migdol, a spokesman for the hospital, told the Times. The spreadsheet first appeared there a year ago Friday, Migdol said.

The privacy breach did not involve any hacking, and data weren't on Stanford's or the collection agency's website, but on Student of Fortune's.

The information also contained medical record numbers, hospital account numbers, emergency room admission and discharge dates and billing charges, according to the hospital. It did not contain credit card or Social Security numbers, information commonly associated with identity theft.

The affected patients were seen by the hospital's emergency department between March 1, 2009, and Aug. 31, 2009.

"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft," the hospital said in its statement.

Migdol told the Times that he expected the federal Department of Health and Human Services to conduct its own investigation. Susan McAndrew, a deputy director in the department's Office for Civil Rights, said she could not discuss whether an investigation was in progress.



Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Connect: Have a thought or feedback about this? Add your comment now
Related Topics: News, data privacy, patient privacy, Stanford Hospital

What's Your Take? Comment Now ...

Featured Careers & Jobs in EMS





 

Get JEMS in Your Inbox

 

Fire EMS Blogs


Blogger Browser

Today's Featured Posts

 

EMS Airway Clinic

Innovation & Progress

Follow in the footsteps of these inspirational leaders of EMS.
More >

Multimedia Thumb

Image Trend: ALS Ice Bucket Challenge

ImageTrend just challenged NEMSIS TAC and a couple others.
Watch It >


Multimedia Thumb

Where in the World of EMS is A.J.?

A.J. Heightman participated in the ALS Ice Bucket Challenge in a big way!
Watch It >


Multimedia Thumb

Details on Discipline Released in D.C. Investigation

Interim fire chief claims punishment was not severe enough.
Watch It >


Multimedia Thumb

Kentucky Firefighters Recovering from Injuries

One of the four remains in critical condition.
Watch It >


Multimedia Thumb

Numerous Rescues during Arizona Flooding

Severe flooding across the region prompted several rescues.
More >


Multimedia Thumb

Colorado Hiker Rescue

Injured hiker spent three hours in a crevice.
More >


Multimedia Thumb

Airlift at Swiss Train Derailment

Helicopters used to help reach the injured.
More >


Multimedia Thumb

LMA MAD Nasal™

Needle-free intranasal drug delivery.
Watch It >


Multimedia Thumb

The AmbuBus®, Bus Stretcher Conversion Kit - EMS Today 2013

AmbuBus®, Bus Stretcher all-hazards preparedness & response tool
Watch It >


Multimedia Thumb

Braun Ambulances' EZ Door Forward

Helps to create a safer ambulance module.
Watch It >


Multimedia Thumb

Field Bridge Xpress ePCR on iPad, Android, Kindle Fire

Sneak peek of customizable run forms & more.
Watch It >


More Product Videos >