Sue Dremman reports that a lawsuit has been filed against Stanford Hospital & Clinics and its former vendor, Multi-Specialty Collection Services, LLC. You can read about it on Palo Alto Online. This is one of those cases where I really do view a breached entity as a victim because SHC seems to have done everything right but they’ll still take the reputation hit and incur costs.
Keeping in mind that this is just SHC’s side of the story and we have yet to hear from MSCS:
Stanford officials said Multi-Specialty Collection Services, a California company, provided business and financial support to the hospitals. Multi-Specialty was operating under a contract that specifically required it to protect the privacy of the patient information. The hospital sent the data to Multi-Specialty in an encrypted format to protect its confidentiality.
A hospital investigation found that Multi-Specialty prepared an electronic spreadsheet from the data that had patient names, addresses and diagnosis codes. The company sent the spreadsheet to a third person who was not authorized to have the information and who posted it on a website.
“This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible. SHC regrets that its patients’ confidentiality was breached and is committed to protecting the health and privacy of all of its patients,” the hospital said.
Read more on Palo Alto Online.