50.3 F
Indianapolis
Friday, March 29, 2024

Stanford Hospital privacy breach puts data online

More by this author

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

PALO ALTO, Calif. (AP) — Stanford Hospital in California is

blaming a subcontractor used by an outside vendor for a privacy

breach that led to the posting online of medical information for

thousands of emergency room patients.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

The breach was first reported Friday by the New York Times

(Ā 

“http://nyti.ms/p84zWa” target=

“-blank”>http://nyti.ms/p84zWaĀ ). The data of 20,000 patients,

including names and diagnosis codes, remained on a commercial

website for nearly a year until it was discovered last month and

taken down, according to the newspaper.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

In a statement, Stanford Hospital said the file that contained the

patient information and was posted to the site was created by a

subcontractor employed by one of its vendors, Multi Specialties

Collection Services.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

The hospital did not name the subcontractor, but it said Multi

Specialties Collection Services is investigating how the company

caused patient information to be posted to the website. Stanford

said that in the meantime, it has suspended working with Multi

Specialties Collection Services.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

“This incident was not caused by the hospital, and responsibility

has been assumed by a contractor working with the vendor,” the

hospital said in its statement.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

Breaches of medical data are common though most typically involve

lost or stolen computers or storage devices.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

Roughly one-fifth of the publicly disclosed breaches in the last

seven years have involved health care providers, according to a

database kept by the Privacy Rights Clearinghouse.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

The digitization of medical data is creating new problems, as the

information travels more easily among the dozens of contractors

that are typically authorized to handle a person’s medical records

and is more easily lost or accidentally posted online.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

Last month, The Associated Press reported on a California firm that

posted the medical files of nearly 300,000 workers’ compensation

patients on a website that the firm mistakenly believed only its

employees could see.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

In the Stanford case, the data ended up on a homework-help website

called Student of Fortune, according to the New York

Times.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

Someone needing help converting data into a bar graph posted a

spreadsheet along with the sensitive information, Gary Migdol, a

spokesman for the hospital, told the Times. The spreadsheet first

appeared there a year ago Friday, Migdol said.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

The privacy breach did not involve any hacking, and data weren’t on

Stanford’s or the collection agency’s website, but on Student of

Fortune’s.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

The information also contained medical record numbers, hospital

account numbers, emergency room admission and discharge dates and

billing charges, according to the hospital. It did not contain

credit card or Social Security numbers, information commonly

associated with identity theft.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

The affected patients were seen by the hospital’s emergency

department between March 1, 2009, and Aug. 31, 2009.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

“The hospital notified affected patients quickly and also arranged

for free identity protection services, though the data involved is

not associated with identity theft,” the hospital said in its

statement.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“font-family: Arial, Helvetica, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px;”>

Migdol told the Times that he expected the federal Department of

Health and Human Services to conduct its own investigation. Susan

McAndrew, a deputy director in the department’s Office for Civil

Rights, said she could not discuss whether an investigation was in

progress.

“font-family: Verdana, Times, serif; font-size: 12px; text-decoration: none; line-height: 13px; color: #000000; font: normal normal normal 12px/normal verdana, helvetica, arial;”>

“text-decoration: none; color: #000066;” rel=”item-license” href=

“http://hosted.ap.org/dynamic/stories/U/US_MEDICAL_DATA_BREACH?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2011-09-09-16-36-36#95db9c0f-81aa-4226-9885-b6374ea86850”

name=”95db9c0f-81aa-4226-9885-b6374ea86850″>Ā© 2011Ā 

“source-org vcard”>The Associated

Press. All rights reserved. This material may not be

published, broadcast, rewritten or redistributed.Ā Learn more

about our

“http://hosted2.ap.org/APDEFAULT/privacy”>Privacy

PolicyĀ andĀ 

href=”http://hosted2.ap.org/APDEFAULT/terms”>Terms of Use.

- Advertisement -
ads:

Upcoming Online Townhalls

- Advertisement -

Subscribe to our newsletter

To be updated with all the latest local news.

Stay connected

1FansLike
1FollowersFollow
1FollowersFollow
1SubscribersSubscribe

Related articles

Popular articles

EspaƱol + Translate Ā»
Skip to content