
Stanford Hospital Patient Data Publicly Available for 1 year – Do HIPAA laws really work?

On Friday, September 9, 2011, Stanford Hospital disclosed that over 20,000 patient records had been publicly posted on a commercial Web site. The records included the patients' names, admission and release dates, and diagnosis codes, and had been publicly available for almost one year. The New York Times reported that “[s]ince discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.”

Patient and consumer privacy in the Age of Information has long been a challenge for any organization. Lawmakers have tried to hold those organizations accountable by enacting laws designed to set a standard by which an organization must safeguard its data. Yet, every day, terabytes upon terabytes of personal information are released without authorization. Mostly this is due to a lack of external and internal controls within the organization. Businesses and government agencies have simply adopted a “check-the-box” mentality when it comes to securing mission-critical data. Instead, those groups need a paradigm shift in how they perceive the environment in which data is secured.
