The new Director of the HHS Office of Civil Rights (“OCR”) has promised to continue the agency’s trend towards greater HIPAA enforcement, but, following a data breach, OCR may not be a provider’s or contractor’s only concern. On September 28, Shana Springer, a California woman whose protected health information was unknowingly made public, along with the information of approximately 20,000 other emergency room patients, filed a class action lawsuit in Los Angeles County Superior Court. The suit seeks approximately $20 million in damages from the hospital ultimately responsible for the breach, Stanford Hospital & Clinics.
The suit follows a breach that was originally made public in early September. A spreadsheet containing data (including patient names, diagnosis codes, dates of treatment, and billing information) on 20,000 patients treated in the Stanford emergency department during a six month period in 2009 was discovered as a publicly available document on the website Student of Fortune. Student of Fortune is a public site designed to allow students to seek paid help with their homework by posting assignments. The information had originally been entrusted to a Los Angeles billing contractor, Multi-Specialty Collection Services. Neither Student of Fortune nor Multi-Specialty Collection Services has explained how the spreadsheet came to be posted to the publicly available Student of Fortune database. When the information was discovered by a patient and Stanford notified, the spreadsheet was immediately removed from the Student of Fortune website and the data breach
was reported to HHS OCR.
Please see full publication below for more information.