SHC patient-privacy suit looms

Oct. 4, 2011, 2:30 a.m.

A class action suit has been filed against Stanford Hospital & Clinics and a third-party vendor by patients whose personal information was published on a public website discovered earlier this month.

A third-party vendor and its subcontractor with whom the Hospital had been working were responsible for posting patients’ names, hospital admittance, exit dates and other information on a commercial site, where it remained for almost one year.

Patients’ information from dates ranging March 1 to Aug. 31, 2009 was posted on a student-run homework site called Student of Fortune in September 2010.

“We value the privacy of patient health information and are committed to protecting it at all times,” said Diane Meyer, Chief Privacy Officer at Stanford Hospital & Clinics in a Hospital press release. “Our contractors are explicitly required to commit to strong safeguards to protect the confidentiality of our patients’ information.  We have worked extremely hard to identify all the parties responsible.”

After launching an investigation at the end of August, the Hospital found Multi-Specialty Collection Services, LLC (MSCS) and its subcontractor to be the source of the leak. MSCS was contracted to provide “business and financial support to the Hospital, and was legally responsible for protecting all patient information needed for its services.” It was determined that no Hospital employees were involved with the posting of information.

In a statement released Monday morning, SHC said it would defend the lawsuit.

“Stanford Hospital & Clinics understands that a purported class action lawsuit was filed against it and Multi-Specialty Collection Services, LLC, an outside vendor that caused some confidential information about patients who visited Stanford Hospital’s emergency room to be posted on a website,” the statement reads. “SHC intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit.”

Approximately 20,000 patients were affected by the security breach; SHC mailed informational letters to each in response. The lawsuit was filed on behalf of some of these patients in a Los Angeles court.

According to SHC Director of Communications Gary Migdol, the Hospital was not planning to comment further on the matter at this time.



Login or create an account