Post a New Topic
Original post made
on Oct 3, 2011
What do the victims want? Tighter data security at Stanford? 3rd party auditing of patient record security? Private investigators to track down the criminals? More information from Stanford of how the leak occurred and exactly what data was stolen? This article is too vague about what the case is all about.
> It will be interesting to see if the ambulance-chasing lawyers (now turned to chasing security breaches) will be able to prove any actual harm to any of the 20,000 litigants that are suing the University.
Stanford (and every organization that posses customer/client information) needs to tighten up its security. It would not be a bad move to fire its current security head, and if it does not have a CIO (Chief Information Officer), then to appoint one.
Stanford needs a kick-in-the-pants over this, but paying the people whose names were released that can prove no damage sets a terrible precedent, which will only drive up the cost of medical care for the rest of us.
> What do the victims want?
According to the Daily News, the lawsuit calls for a payment of $1,000 for each person whose name was allegedly made public, and "attorney fees", of course. This comes to a cool $20M. How much these vultures will claim as only "fair compensation" for their efforts is an open question, but there is no doubt that they will want more than the entire budget for some small country.
The problem with the Stanford Hospital defense is that Stanford was already having a problem meeting the proper handling of patient data under HIPAA requirements. I had to deal directly with the CEO and was able to do it because of their sloppy security habits.
Stanford Hospital and the related departments MUST tighten security at all levels, starting with social engineering issues ( like a doctor leaving patient data on the computer when he/she/it leaves the room ) to the CEO leaving their PRIVATE e-mail address PUBLIC.
Both of the issues I describe I have personally witnessed when I had been treated at Stanford.
I didn't sue; but I DID notify Stanford about the laxness in their IT department when it came to security. No callbacks, just all the data on my treatments for FREE.
Therin lies the heart of the problem; HIPAA REQUIRES Cheap and total access to the data TO A PATIENT ( the P in HIPAA is the word PORTABILITY not PRIVACY as some shyster HOSPITALS and DOCTOR OFFICES claim on their forms ), but TIGHT security to everyone else that requests or is given the patient data.
That makes Stanford available for a CULPABLE NEGLIGENCE suit; they knew they had this problem for YEARS and they didn't fix it.
Sorry, Stanford Hospital, but you were warned....
it appears that Stanford wasn't the party that divulged the information but rather the collection agency they employed. Stanford should have made sure that the company they hired had airtight controls before entrusting them with HIPPA information. Stanford was the source of the original information and turned it over to this agency who blatantly ignored HIPPA regulations. When one outsources, one needs to be assured of quality control-this was not the case here. Maybe they were the cheapest?
Stanford Hospital thinks it can solely blame "unprofessional vendors" and in doing so, dismiss it's own responsibility of due diligence in evaluating vendors. The vendors they chose no longer have web presence; they removed ALL their profiles, websites, and information the week the story broke. These vendors are basically one-man companies. These vendors are anything but professional and established... and Stanford gave them MY records, and yours (if you have been a patient at SHC in the past few years.) This is not about identity theft, this is about breach of patient confidentiality. Period. If the Hospital had given the records to a local hot dog vendor, I can guarantee they would be still be pointing a finger at someone other than themselves.
I think it is REALLY important for the world that this lawsuit be successful.
The publishing of medical records in a country where insurance can be denied or a job lost based on "health" comprises criminal negligence.
It is important not just to reimburse these people but to the rule of law.
Stanford has deep pockets. they should pay up.
People will sue for any free money, especially in this economy.
Perhaps if we required parties to a class action lawsuit to pony up a retainer of, say $100 to be included...
Well I'm one of those affected by the breach. And I didn't go into the ER to get treated and then have my information splattered all over the internet. So I'm all for it.
The breach of data at Stanford Hospital and Clinic demonstrates the need for companies to thoroughly vet all third party vendors and contractors. Despite the information being properly secured by Stanford Hospital, the third party failed to properly secure and manage the information once it was in their hands. It is important to do the appropriate due diligence before engaging a vendor with whom you will be sharing sensitive information and then insuring the appropriate protection, notification, insurance requirements as well as liability considerations are appropriately stated and enforced within in the contract. Companies using external resources for any managing of information need to conduct a review of the third party's practices in protecting and sharing data. Failure to do so puts your customers, partners and your company at risk.
SVP, Data Risk Management
Identity Theft 911
Well here's the funny thing.... this was simply ONE batch of 20,000 records that was revealed, by those "vendors" has been sent, were given access, to many many more records over the past few years.... maybe even your record. And if you read the New York Times most recent article (today), you'll get a sense of how unprofessional these selected vendors were. Stanford Hospital sent patient records to a one-man "company" who then gave the information to someone he was interviewing for a job! The job applicant was given legally protected confidential data, and then posted it online. ...Isn't that special!
As for the snide remarks about a class action....victims don't get rich from class actions... if any of you want a whooping $1000 in exchange for posting your most confidential health and medical data on some frivolous student website, than just wait.... it could happen for you sooner or later, or maybe already has.
I apologize for all the typos, using an iPhone. here is what I intended:
Well here's the funny thing.... this was simply ONE batch of 20,000 records that was revealed, but those "vendors" had been sent, and given access, to many many more records over the past few years.... maybe even your record. And if you read the New York Times most recent article (today), you'll get a sense of how unprofessional these selected vendors were. Stanford Hospital sent patient records to a one-man "company" who then gave the information to someone he was interviewing for a job! The job applicant was given legally protected confidential data, and then posted it online.
As for the snide remarks about a class action....victims don't get rich from class actions... if any of you want a whooping $1000 in exchange for posting your most confidential health and medical data on some frivolous student website, then just wait.... it could happen for you sooner or later, or maybe already has.
It is ok to write imperfect grammar, it is ok to have an imperfect life and it is ok to know that they had lost our records, coz life is full of imperfect events.
> to Perfect
Somehow that doesn't compute. Why have laws and regulations if life is so "imperfect?" How absurd to equate a few words of one individual's imperfect grammar with the sweeping imperfect responsibility of a medical institution. Why even have HIPPA rules at all in such an imperfect world?
The government creats the law,some are for wars, some are for oils,some are for riches,so they are impecfect also.
Yes, "perfect." The patient who goes to the Stanford Hospital emergency room for (culturally stigmatized) HIV complications, or the woman who seeks treatment after a violent rape, should expect to have their confidential medical data openly displayed on the web for all to see. We should just smile at them and say, "hey, it's an imperfect world. Get over it!"
Yeah, what you can do, ask the students who saw it to spit it out from their throats.How funny!!!!!!!!
Stanford University is one of the most corrupt institutions. Never send your kids to Stanford for an education.
@Jon: It's acceptance letter time. I'm guessing your senior didn't gain an acceptance letter to Stanford? The only way for Palo Altans to be admitted to Stanford is through connections.
Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.
Post a comment
Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online.
Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information
We prefer that you use your real name, but you may use any "member" name you wish.
Select your neighborhood or school community: * Not sure?
- Barron Park
- Charleston Gardens
- Charleston Meadows
- College Terrace
- Community Center
- Crescent Park
- Downtown North
- Duveneck/St. Francis
- Embarcadero Oaks/Leland
- Esther Clark Park
- Evergreen Park
- Greater Miranda
- Green Acres
- Greendell/Walnut Grove
- Leland Manor/Garland Drive
- Meadow Park
- Monroe Park
- Old Palo Alto
- Palo Alto Hills
- Palo Alto Orchards
- Palo Verde
- South of Midtown
- St. Claire Gardens
- The Greenhouse
- Triple El
- University South
- Woodland Ave. area (East Palo Alto)
- Addison School
- Barron Park School
- Duveneck School
- Egan Middle School (Los Altos)
- El Carmelo School
- Escondido School
- Fairmeadow School
- Gunn High School
- Hoover School
- JLS Middle School
- Jordan Middle School
- Juana Briones School
- Nixon School
- Ohlone School
- Palo Alto High School
- Palo Verde School
- Santa Rita (Los Altos)
- Terman Middle School
- Walter Hays School
- another community
- Another Palo Alto neighborhood
- East Palo Alto
- Los Altos
- Los Altos Hills
- Menlo Park
- Mountain View
- Portola Valley
Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.
I Told My Mom She's Dying
By Chandrama Anderson | 12 comments | 2,521 views
Grab a Bowl of Heaven soon in Mountain View
By Elena Kadvany | 0 comments | 1,848 views
Quick Check List for UC Applications
By John Raftrey and Lori McCormick | 0 comments | 1,238 views
Fancy Fast and Fun!
By Laura Stec | 3 comments | 961 views
Campaign Endorsements: Behind the Curtain
By Douglas Moran | 3 comments | 786 views
Home & Real Estate
Shop Palo Alto
Send News Tips
Circulation & Delivery
Mountain View Voice
© 2014 Palo Alto Online
All rights reserved.