Stanford's ER Patients Exposed

Arguments that electronic health records are safe and secure were dealt a major blow last week with news that the names and diagnosis codes of 20,000 patients at a California emergency room were accidentally posted online -- and stayed there for nearly a year.

Stanford Hospital, in Palo Alto, Calif., was investigating how a billing subcontractor's spreadsheet ended up on a website for students who were soliciting paid help with school assignments, according to reports in newspapers, including the New York Times. The spreadsheet was published on the site beginning Sept. 9, 2010, as an attachment to a question about converting data into bar graphs, a Stanford spokesman told the Times.

The spreadsheet did not include Social Security numbers, birthdays or credit-card numbers, but did include diagnosis codes, hospital account numbers and dates of treatment, the spokesman said.

The hospital learned of the breach from a patient on Aug. 22 and succeeded in getting the offending material removed the next day. The breach was announced publicly on Thursday, several days after affected patients were notified of the problem by mail, according to the San Jose Mercury News.

Stanford Hospital "suspended business" with the vendor, the Mercury News said.