Stanford Medical Records Appear Online In Information Breach

STANFORD (CBS SF) - The names and medical information of some patients seen at Stanford Hospital and Clinics were posted to a website by an outside vendor's sub-contractor, a hospital spokesman said Thursday.

Limited information—such as medical records numbers, hospital account numbers, emergency room admission and discharge dates, and billing charges—about patients seen at the hospital's Emergency Department was contained in the leaked file, hospital director of communications Gary Migdol said.

The information pertains to patients seen in the department between March 1 and Aug. 31, 2009.

Information commonly associated with identity theft, such as credit card or social security numbers, was not involved, Migdol said.

The hospital learned of the privacy breach on Aug. 22 of this year and took swift action to ensure the file was removed from the website, which was achieved within 24 hours, Migdol said.

"The hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft," he said.

A full investigation was launched by the hospital to determine how this leak happened.

"The hospital is strongly committed to protecting our patients' information and immediately suspended work with the vendor," Migdol said in a statement released today.

The vendor, Multi Specialties Collection Services, is conducting an independent investigation regarding the breach, which also represents a contractual violation in terms of safeguarding the privacy and security of patient information.

According to Migdol, the incident was not caused by the hospital, which may take further action when the investigation is complete. Responsibility has been assumed by a contractor working for Multi Specialties Collection Services.

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)