Tweets by @Stanford_Daily

Stanford Daily headlines: 12/14/2015 - https://t.co/2HEhk0CoYG: 1 day ago, The Stanford Daily
9.5 percent of early applicants admitted to Stanford’s Class of 2020 https://t.co/3d1lbpcSaz: 4 days ago, The Stanford Daily
Today, Stanford accepted 9.5 percent of applicants to its restrictive early action program. 745 students were admitted to the Class of 2020.: 4 days ago, The Stanford Daily
Stanford Daily headlines: 12/11/2015 - https://t.co/7YSqquBpRe: 4 days ago, The Stanford Daily
Learn about both the difficulties and the resources that come with being a student athlete at Stanford. https://t.co/3RNId2OPnx: 5 days ago, The Stanford Daily
Stanford Daily headlines: 12/10/2015 - https://t.co/DpwHR3f97N: 5 days ago, The Stanford Daily
Stanford Daily headlines: 12/9/2015 - https://t.co/iwgZnRpCim: 6 days ago, The Stanford Daily
Stanford Daily headlines: 12/8/2015 - https://t.co/vrx5bGAhd9: 1 week ago, The Stanford Daily
Stanford Daily headlines: 12/7/2015 - https://t.co/ip2j6mBm91: 1 week ago, The Stanford Daily
Stanford Daily headlines: 12/4/2015 - https://t.co/WofW7yq7Z1: 2 weeks ago, The Stanford Daily

SHC patient-privacy suit looms

Kate Abbott

By: Kate Abbott

A class action suit has been filed against Stanford Hospital & Clinics and a third-party vendor by patients whose personal information was published on a public website discovered earlier this month.

A third-party vendor and its subcontractor with whom the Hospital had been working were responsible for posting patients’ names, hospital admittance, exit dates and other information on a commercial site, where it remained for almost one year.

Patients’ information from dates ranging March 1 to Aug. 31, 2009 was posted on a student-run homework site called Student of Fortune in September 2010.

“We value the privacy of patient health information and are committed to protecting it at all times,” said Diane Meyer, Chief Privacy Officer at Stanford Hospital & Clinics in a Hospital press release. “Our contractors are explicitly required to commit to strong safeguards to protect the confidentiality of our patients’ information.  We have worked extremely hard to identify all the parties responsible.”

After launching an investigation at the end of August, the Hospital found Multi-Specialty Collection Services, LLC (MSCS) and its subcontractor to be the source of the leak. MSCS was contracted to provide “business and financial support to the Hospital, and was legally responsible for protecting all patient information needed for its services.” It was determined that no Hospital employees were involved with the posting of information.

In a statement released Monday morning, SHC said it would defend the lawsuit.

“Stanford Hospital & Clinics understands that a purported class action lawsuit was filed against it and Multi-Specialty Collection Services, LLC, an outside vendor that caused some confidential information about patients who visited Stanford Hospital’s emergency room to be posted on a website,” the statement reads. “SHC intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit.”

Approximately 20,000 patients were affected by the security breach; SHC mailed informational letters to each in response. The lawsuit was filed on behalf of some of these patients in a Los Angeles court.

According to SHC Director of Communications Gary Migdol, the Hospital was not planning to comment further on the matter at this time.

  • Breached —another victim

    Stanford Hospital thinks it can put the blame solely on “unprofessional vendors” and in doing so, dismiss it’s own responsibility of due diligence in evaluating vendors. How is it, the vendors they chose no longer have web presence; they removed ALL their profiles, websites, and information the week the breach was discovered. These vendors are basically one-man companies. These vendors are anything but professional and established… and Stanford gave them MY records, and yours (if you have been a patient at SHC in the past few years.) This is not about identity theft, this is about breach of patient confidentiality. Period. If the Hospital had given the records to a local hot dog vendor, I can guarantee they would still be pointing a finger at someone other than themselves.

  • Bertiebot

    To restore some confidence that Stanford is taking this seriously, this dismissal of Meyer should happen as soon as possible.  Also, Stanford needs to disclose the names of and summarily dismiss (1) the person who gave the data to the vendor, and (2) the person who screened the vendor.  These names will come out in the litigation, the sooner Stanford makes a complete statement and fires those involved, the sooner patients will be able to trust Stanford again.  These people should never be entrusted with patients data ever again.  

© 2015 THE STANFORD DAILY