EXCLUSIVES
FacebookTwitterLinkedInGoogle+RSS Feed
Fire EMSEMS TodayEMS Insider

Stanford Hospital Privacy Breach Puts Data Online

PALO ALTO, Calif. (AP) — Stanford Hospital in California is blaming a subcontractor used by an outside vendor for a privacy breach that led to the posting online of medical information for thousands of emergency room patients.

The breach was first reported Friday by the New York Times (http://nyti.ms/p84zWa ). The data of 20,000 patients, including names and diagnosis codes, remained on a commercial website for nearly a year until it was discovered last month and taken down, according to the newspaper.

In a statement, Stanford Hospital said the file that contained the patient information and was posted to the site was created by a subcontractor employed by one of its vendors, Multi Specialties Collection Services.

The hospital did not name the subcontractor, but it said Multi Specialties Collection Services is investigating how the company caused patient information to be posted to the website. Stanford said that in the meantime, it has suspended working with Multi Specialties Collection Services.

"This incident was not caused by the hospital, and responsibility has been assumed by a contractor working with the vendor," the hospital said in its statement.

Breaches of medical data are common though most typically involve lost or stolen computers or storage devices.

Roughly one-fifth of the publicly disclosed breaches in the last seven years have involved health care providers, according to a database kept by the Privacy Rights Clearinghouse.

The digitization of medical data is creating new problems, as the information travels more easily among the dozens of contractors that are typically authorized to handle a person's medical records and is more easily lost or accidentally posted online.

Last month, The Associated Press reported on a California firm that posted the medical files of nearly 300,000 workers' compensation patients on a website that the firm mistakenly believed only its employees could see.

In the Stanford case, the data ended up on a homework-help website called Student of Fortune, according to the New York Times.

Someone needing help converting data into a bar graph posted a spreadsheet along with the sensitive information, Gary Migdol, a spokesman for the hospital, told the Times. The spreadsheet first appeared there a year ago Friday, Migdol said.

The privacy breach did not involve any hacking, and data weren't on Stanford's or the collection agency's website, but on Student of Fortune's.

The information also contained medical record numbers, hospital account numbers, emergency room admission and discharge dates and billing charges, according to the hospital. It did not contain credit card or Social Security numbers, information commonly associated with identity theft.

The affected patients were seen by the hospital's emergency department between March 1, 2009, and Aug. 31, 2009.

"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft," the hospital said in its statement.

Migdol told the Times that he expected the federal Department of Health and Human Services to conduct its own investigation. Susan McAndrew, a deputy director in the department's Office for Civil Rights, said she could not discuss whether an investigation was in progress.



RELATED ARTICLES

Understanding Why EMS Systems Fail

Learn to recognize trigger points that could ruin your system.

West River Ambulance Receives New Rig

West River Ambulance in Hettinger, ND recently received a much-needed upgrade from their 1992 rig. A 2014 Ford/AEV Type III Custom Conversion rig with a 6.8 ...

Unlikely Pairing Leads to Health Care Education Wins

The University of Texas Health Science Center at Houston (UTHealth) School of Nursing and Harris County Emergency Corps (HCEC) have formed an unlikely pairin...

Know When and How Your Patient Can Legally Refuse Care

Refusal of care straddles the intersection of ethical, legal and scientific domains of prehospital practice.

Reflecting on 35 Years of Innovation in JEMS

Take a walk through the last 35 years of EMS in JEMS.

Readers Sound Off About Glove Use After Patient Care

How often are you susceptible to potentially unclean surfaces?

Features by Topic

Featured Careers

 

JEMS TV

FEATURED VIDEO TOPICS

Learn about new products and innovations featured at EMS Today 2015

 

JEMS Connect

CURRENT DISCUSSIONS

 
 

EMS BLOGS

Blogger Browser

Today's Featured Posts