Back in August 2011, Stanford Hospital & Clinics (SHC) disclosed that medical records for 20,000 emergency room patients, including names and diagnosis codes, had been exposed on a public website due to the actions of a former billing contractor’s employee who, seeking help converting the data, had uploaded the file on the “Student of Fortune” website. Both SHC and it former contractor, Multi-Specialty Collection Services, were sued for $20 million under California’s Confidentiality of Medical Information Act (CMIA).
Now Jason Green reports that a settlement in the case, to the tune of $4.1 million, has received tentative approval by Los Angeles County Superior Court Judge Elihu Berle:
Under terms of the tentative settlement, the patients would receive a little more than $100 each, said Springer’s Los Angeles-based attorney Brian S. Kabateck. In addition, the hospital would have to fund a program for two years that trains medical professionals to protect patient records. Kabateck said the program could cost the hospital up to $1 million.
Read more on San Jose Mercury News.
It’s worth noting that although CMIA provides statutory damages of $1,000 per person for violations of the Act, a court decision last year held that negligence plus disclosure was not sufficient to trigger the statutory damages. Had the plaintiffs tried to take this to trial, it would have been a gamble (although all lawsuits are gambles, of course). In this case, though, given that there was no evidence of misuse of information, a settlement seems like the smart move in this case.