Stanford Hospital Privacy Breach Puts Data Online

The breach led to the posting online of medical information for thousands of patients


 
 

| Friday, September 9, 2011


PALO ALTO, Calif. (AP) — Stanford Hospital in California is blaming a subcontractor used by an outside vendor for a privacy breach that led to the posting online of medical information for thousands of emergency room patients.

The breach was first reported Friday by the New York Times (http://nyti.ms/p84zWa ). The data of 20,000 patients, including names and diagnosis codes, remained on a commercial website for nearly a year until it was discovered last month and taken down, according to the newspaper.

In a statement, Stanford Hospital said the file that contained the patient information and was posted to the site was created by a subcontractor employed by one of its vendors, Multi Specialties Collection Services.

The hospital did not name the subcontractor, but it said Multi Specialties Collection Services is investigating how the company caused patient information to be posted to the website. Stanford said that in the meantime, it has suspended working with Multi Specialties Collection Services.

"This incident was not caused by the hospital, and responsibility has been assumed by a contractor working with the vendor," the hospital said in its statement.

Breaches of medical data are common though most typically involve lost or stolen computers or storage devices.

Roughly one-fifth of the publicly disclosed breaches in the last seven years have involved health care providers, according to a database kept by the Privacy Rights Clearinghouse.

The digitization of medical data is creating new problems, as the information travels more easily among the dozens of contractors that are typically authorized to handle a person's medical records and is more easily lost or accidentally posted online.

Last month, The Associated Press reported on a California firm that posted the medical files of nearly 300,000 workers' compensation patients on a website that the firm mistakenly believed only its employees could see.

In the Stanford case, the data ended up on a homework-help website called Student of Fortune, according to the New York Times.

Someone needing help converting data into a bar graph posted a spreadsheet along with the sensitive information, Gary Migdol, a spokesman for the hospital, told the Times. The spreadsheet first appeared there a year ago Friday, Migdol said.

The privacy breach did not involve any hacking, and data weren't on Stanford's or the collection agency's website, but on Student of Fortune's.

The information also contained medical record numbers, hospital account numbers, emergency room admission and discharge dates and billing charges, according to the hospital. It did not contain credit card or Social Security numbers, information commonly associated with identity theft.

The affected patients were seen by the hospital's emergency department between March 1, 2009, and Aug. 31, 2009.

"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft," the hospital said in its statement.

Migdol told the Times that he expected the federal Department of Health and Human Services to conduct its own investigation. Susan McAndrew, a deputy director in the department's Office for Civil Rights, said she could not discuss whether an investigation was in progress.



Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Connect: Have a thought or feedback about this? Add your comment now
Related Topics: News, data privacy, patient privacy, Stanford Hospital

What's Your Take? Comment Now ...

Featured Careers & Jobs in EMS





 

Get JEMS in Your Inbox

 

Fire EMS Blogs


Blogger Browser

Today's Featured Posts

 

EMS Airway Clinic

Innovation & Progress

Follow in the footsteps of these inspirational leaders of EMS.
More >

Multimedia Thumb

Four Killed in New Mexico Medical Plane Crash

Crash near fairgrounds claims patient and crew of three.
Watch It >


Multimedia Thumb

Texas Ambulance Involved in Crash

Odessa ambulance and car collide during response.
Watch It >


Multimedia Thumb

Las Vegas Fire, AMR Reach New Deal

Tentative agreement reached over ambulance calls.
Watch It >


Multimedia Thumb

Fire Damages Several Homes in California Earthquake

Four homes destroyed and others damaged after quake rattles Napa.
Watch It >


Multimedia Thumb

New Mexico Air Ambulance Crash

NTSB investigates crash that killed four.
More >


Multimedia Thumb

Where in the World of EMS is A.J.? Scranton

JEMS Editor-in-Chief visits his hometown of Scranton, Pa.
More >


Multimedia Thumb

Over 100 Injured in California Earthquake

172 patients treated at Napa hospital after 6.0-magnitude earthquake.
More >


Multimedia Thumb

The AmbuBus®, Bus Stretcher Conversion Kit - EMS Today 2013

AmbuBus®, Bus Stretcher all-hazards preparedness & response tool
Watch It >


Multimedia Thumb

Braun Ambulances' EZ Door Forward

Helps to create a safer ambulance module.
Watch It >


Multimedia Thumb

LMA MAD Nasal™

Needle-free intranasal drug delivery.
Watch It >


More Product Videos >