Arguments that electronic health records are safe and secure were dealt a major blow last week with news that the names and diagnosis codes of 20,000 patients at a California emergency room were accidentally posted online -- and stayed there for nearly a year.
Stanford Hospital, in Palo Alto, Calif., was investigating how a billing subcontractor's spreadsheet ended up on a website for students who were soliciting paid help with school assignments, according to reports in newspapers, including the New York Times. The spreadsheet was published on the site beginning Sept. 9, 2010, as an attachment to a question about converting data into bar graphs, a Stanford spokesman told the Times.
The spreadsheet did not include Social Security numbers, birthdays or credit-card numbers, but did include diagnosis codes, hospital account numbers and dates of treatment, the spokesman said.
The hospital learned of the breach from a patient on Aug. 22 and succeeded in getting the offending material removed the next day. The breach was announced publicly on Thursday, several days after affected patients were notified of the problem by mail, according to the San Jose Mercury News.
Stanford Hospital "suspended business" with the vendor, the Mercury News said.
John Pulley
John Pulley has written the Health IT Update blog since May 2011. Prior to becoming a regular contributor to Nextgov, he covered technology for Federal Computer Week and Government Health IT magazines. He has written about government for Federal Times and Air Force Times, as well. Pulley has worked in journalism for more than 20 years. He began his career covering local government for regional newspapers. In addition, he served as a writer and senior editor at The Chronicle of Higher Education for seven years. In 2006, he founded The Pulley Group, an editorial services agency.
JOIN THE DISCUSSION