It was kind of funny reading this recent article from the New York Times that focuses on a relatively small health data breach from Stanford Hospital’s emergency room:
A medical privacy breach involving Stanford Hospital in Palo Alto, Calif., led to the public posting of data for 20,000 emergency room patients, including names and diagnosis codes, on a commercial Web site for nearly a year, the hospital has confirmed.
Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.
Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.
Although medical security breaches are not uncommon, the Stanford breach was notable for the length of time that the data remained publicly available without detection.
“Medical security breaches are not uncommon” is an understatement. According to the Department of Health and Human Services, 5,408,977 people have had their medical data lost or stolen, so an article that cries foul of 0.37% of this 2010 total seems fairly trivial. Worse, the reported trend is rising.
So far, it seems they really can’t do much to stem the tide: there are just too many people with computers claiming a “need to know” that have access to patients’ private health data.
-Wes
Addendum: Make that 7.9 million records breached since 2009. (h/t: PDara, MD via Twitter)
The author, Dr. Westby G. Fisher, is a cardiologist at NorthShore University HealthSystem who writes regularly at Dr. Wes.
6 niche markets for telemedicine
‘The PayPal of healthcare’ raises $14 million
New Castlight Health president describes his plans for $100 million Series D funds
This iPad platform may streamline patient handoff, reduce nurse overtime
Sign up for MedCity News' e-newsletter, providing medical industry news from across the country.
Sign up
Anyone can blog on MedCity News when they become a "MedCitizen." MedCitizens publish their own thoughts about current medical news and the latest issues in healthcare to the entire MedCity News audience.
Merrill GooznerPharma, device firms kill conflict of interest rule, win accelerated approval
Dr. John D. HalamkaBYOD makes mobile security more complicated
Steven M. Auvil (Sponsored)5 things med tech companies need to know about the Leahy-Smith America Invents Act
Amy SiegelTop 5 anxiety-provoking medtech acronyms
Stephen Schimpff MDIntegrative Medicine Part II — Health Care of the Future
John Mandrola, MDWeighing the risks of Pradaxa vs. the risk of stroke
Comments
Post a comment
Wow 5.5 million people have had their data stolen? Are hospitals held accountable for this? That is unacceptable. What are some solutions for this?
Comment by Tommy Fowler — September 12, 2011 @ 6:54 am
Post a Comment