This week, officials at Stanford Hospital (Palo Alto, California) confirmed that for almost a year, private medical data for nearly 20,000 emergency room patients were exposed because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test. Subsequently, the applicant sought help by unwittingly posting the confidential data on a tutoring Web site. In an e-mail sent to a victim of the security breach, the billing contractor, Joe Anthony Reyna, president of Multi-Specialty Collection Services (MSCS) in Los Angeles, explained that his marketing vendor, Frank Corcino, had received the data directly from Stanford Hospital, converted it to a new spreadsheet and then forwarded it to a woman he was considering for a short-term job. The position was with Mr. Corcino’s one-man shop, Corcino & Associates. Stanford Hospital officials noted that the job applicant apparently was challenged to convert the spreadsheet, which included names, admission dates, diagnosis codes and billing charges, into a bar graph and charts.
Unaware that she had been given real patient data, the applicant posted it as an attachment to a request for help on studentoffortune.com, which allows students to solicit paid assistance with their work. First posted on September 9, 2010, the spreadsheet remained on the Web site until a patient discovered it on August 22 and notified the hospital. The hospital, located on the Stanford University campus, demanded that the spreadsheet be removed, and the Web site quickly complied. Mr. Corcino attributed the breach to “a chain of mistakes, which are far too easy to make when handling electronic data.” Lawyers have filed a lawsuit in state court in Los Angeles, seeking certification as a class action and $20 million in damages from Stanford Hospital & Clinics and MSCS.
Unfortunately, breaches of private medical data have become commonplace; two were discovered in the past week alone. Officials at Florida Hospital (Orland) reported that three employees had improperly reviewed emergency department records of 2,252 patients, apparently to forward information about accident victims to lawyers. The employees were fired, and law enforcement officials are investigating. In San Antonio, Texas, Science Applications International Corporation reported that computer backup tapes containing medical data for 4.9 million military patients had been stolen from an employee’s car in. The data included Social Security numbers, clinical notes, laboratory test results, and prescriptions. The company said the risk of harm was low because retrieving data from the tapes would require specialized knowledge, software and hardware.
See Also:
Digital medical records evolving at Cedars-Sinai Medical Center
Comments