“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
PALO ALTO, Calif. (AP) — Stanford Hospital in California is
blaming a subcontractor used by an outside vendor for a privacy
breach that led to the posting online of medical information for
thousands of emergency room patients.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
The breach was first reported Friday by the New York Times
(Ā “http://nyti.ms/p84zWa” target=
“-blank”>http://nyti.ms/p84zWa
including names and diagnosis codes, remained on a commercial
website for nearly a year until it was discovered last month and
taken down, according to the newspaper.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
In a statement, Stanford Hospital said the file that contained the
patient information and was posted to the site was created by a
subcontractor employed by one of its vendors, Multi Specialties
Collection Services.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
The hospital did not name the subcontractor, but it said Multi
Specialties Collection Services is investigating how the company
caused patient information to be posted to the website. Stanford
said that in the meantime, it has suspended working with Multi
Specialties Collection Services.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
“This incident was not caused by the hospital, and responsibility
has been assumed by a contractor working with the vendor,” the
hospital said in its statement.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
Breaches of medical data are common though most typically involve
lost or stolen computers or storage devices.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
Roughly one-fifth of the publicly disclosed breaches in the last
seven years have involved health care providers, according to a
database kept by the Privacy Rights Clearinghouse.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
The digitization of medical data is creating new problems, as the
information travels more easily among the dozens of contractors
that are typically authorized to handle a person’s medical records
and is more easily lost or accidentally posted online.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
Last month, The Associated Press reported on a California firm that
posted the medical files of nearly 300,000 workers’ compensation
patients on a website that the firm mistakenly believed only its
employees could see.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
In the Stanford case, the data ended up on a homework-help website
called Student of Fortune, according to the New York
Times.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
Someone needing help converting data into a bar graph posted a
spreadsheet along with the sensitive information, Gary Migdol, a
spokesman for the hospital, told the Times. The spreadsheet first
appeared there a year ago Friday, Migdol said.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
The privacy breach did not involve any hacking, and data weren’t on
Stanford’s or the collection agency’s website, but on Student of
Fortune’s.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
The information also contained medical record numbers, hospital
account numbers, emergency room admission and discharge dates and
billing charges, according to the hospital. It did not contain
credit card or Social Security numbers, information commonly
associated with identity theft.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
The affected patients were seen by the hospital’s emergency
department between March 1, 2009, and Aug. 31, 2009.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
“The hospital notified affected patients quickly and also arranged
for free identity protection services, though the data involved is
not associated with identity theft,” the hospital said in its
statement.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>
Migdol told the Times that he expected the federal Department of
Health and Human Services to conduct its own investigation. Susan
McAndrew, a deputy director in the department’s Office for Civil
Rights, said she could not discuss whether an investigation was in
progress.
“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>
about our“http://hosted2.ap.org/APDEFAULT/privacy”>Privacy
Policy
