Stanford to defend itself against class action suit on data breach

Jeff Byers | | Health Exec | Economics
A purported class action lawsuit was filed against Stanford Hospital & Clinics (SHC) and outside vendor Multi-Specialty Collection Services (MSCS) on grounds that MSCS caused some confidential information about patients who visited Stanford Hospital’s emergency room to be posted on a website. “SHC intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit,” an Oct. 3 statement from the Stanford, Calif.-based provider stated.

“SHC takes very seriously its obligation to treat its patient information as private and confidential. As soon as this was brought to SHC’s attention by a patient, the hospital demanded and had the spreadsheet taken down from the website and backup servers,” the organization continued.

MSCS provided business and financial support to SHC and was operating under a contract with SHC that required it to protect the privacy of the patient information sent to it, according to SHC, who continued that it sent data to MCSC in an encrypted format.

SHC’s investigation of the incident determined MSCS prepared an electronic spreadsheet from data that had the names, addresses and diagnosis codes of almost 20,000 patients. “Unfortunately, MSCS improperly sent the spreadsheet it had created to a third person who was not authorized to have that information and who improperly posted it on a website, apparently to get assistance in generating a graph from MSCS’s spreadsheet,” the statement  read. “This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible.”

The affected patients were notified of this breach and SHC offered to provide free identity protection services to all the patients. To date there is no evidence that anyone saw this information on the website and improperly used it for fraudulent or any other improper purpose, SHC asserted.

SHC has terminated its relationship with MSCS and reported this breach to law enforcement authorities. “SHC regrets that its patients’ confidentiality was breached and is committed to protecting the health and privacy of all of its patients,” the facility concluded.

Jeff Byers

Related Content

Cardiologist demand is on the rise—can hospitals keep up?
Cardinal Health scoops up two companies for $3.9B
UnitedHealth defends $3.3B Amedisys acquisition
DOJ sues to block UnitedHealth’s $3.3B acquisition of home health giant
Private equity firm to buy Summa Health for $485M
Private equity transactions in healthcare down 15% since 2023, report finds

Around the web

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business
FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Design by Adaptive Theme
Trimed Popup
Trimed Popup