Last month Stanford University's hospital
discovered a massive privacy breach when 20,000 emergency room records
appeared online. The records included names, diagnosis codes, account
numbers, dates of admission and discharge, and billing charges. Social
Security numbers, birth dates, credit card accounts or other information
that could potentially result in identity theft was not exposed. Even
so, the hospital is offering free identity-protection services to all
affected patients.
"An electronic file that an outside vendor’s sub-contractor created and caused to be posted to a website contained limited information about patients seen in the Emergency Department of Stanford Hospital & Clinics between March 1 and August 31, 2009. The Hospital discovered this on August 22, 2011, and immediately took action to ensure removal of the file from the website, which was done within 24 hours.
A full investigation was launched, and Stanford Hospital & Clinics has been working very aggressively with the vendor to determine how this occurred, in violation of strong contract commitments to safeguard the privacy and security of patient information. The vendor, Multi Specialties Collection Services, is conducting its own investigation into how its contractor caused patient information to be posted to the website and the Hospital may take further action following completion of the investigation.
Information in the electronic file was limited to names, medical record numbers, hospital account numbers, emergency room admission/discharge dates, medical codes for the reasons for the visit, and billing charges. Information commonly associated with identity theft, such as credit card and social security numbers, was not included.
The Hospital is strongly committed to protecting our patients’ information and immediately suspended work with the vendor. The Hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft.
This incident was not caused by the Hospital, and responsibility has been assumed by a contractor working with the vendor.
0 comments:
Post a Comment