Town Square

Post a New Topic

Class-action lawsuit filed against Stanford

Original post made on Oct 3, 2011

A class-action lawsuit for $20 million has been filed against Stanford Hospital & Clinics over a patient-information breach, the hospitals announced Monday (Oct. 3).

Read the full story here Web Link posted Monday, October 3, 2011, 4:04 PM

Comments (21)

 +   Like this comment
Posted by what do they want?
a resident of Midtown
on Oct 3, 2011 at 4:22 pm

What do the victims want? Tighter data security at Stanford? 3rd party auditing of patient record security? Private investigators to track down the criminals? More information from Stanford of how the leak occurred and exactly what data was stolen? This article is too vague about what the case is all about.


 +   Like this comment
Posted by Encrypt-The-Data
a resident of Another Palo Alto neighborhood
on Oct 3, 2011 at 5:46 pm

> It will be interesting to see if the ambulance-chasing lawyers (now turned to chasing security breaches) will be able to prove any actual harm to any of the 20,000 litigants that are suing the University.

Stanford (and every organization that posses customer/client information) needs to tighten up its security. It would not be a bad move to fire its current security head, and if it does not have a CIO (Chief Information Officer), then to appoint one.

Stanford needs a kick-in-the-pants over this, but paying the people whose names were released that can prove no damage sets a terrible precedent, which will only drive up the cost of medical care for the rest of us.


 +   Like this comment
Posted by Oski
a resident of another community
on Oct 3, 2011 at 6:46 pm

Go Bears!


 +   Like this comment
Posted by Bob
a resident of Another Palo Alto neighborhood
on Oct 4, 2011 at 6:12 am

> What do the victims want?

According to the Daily News, the lawsuit calls for a payment of $1,000 for each person whose name was allegedly made public, and "attorney fees", of course. This comes to a cool $20M. How much these vultures will claim as only "fair compensation" for their efforts is an open question, but there is no doubt that they will want more than the entire budget for some small country.


 +   Like this comment
Posted by the_punnisher
a resident of Mountain View
on Oct 4, 2011 at 11:56 am

the_punnisher is a registered user.

The problem with the Stanford Hospital defense is that Stanford was already having a problem meeting the proper handling of patient data under HIPAA requirements. I had to deal directly with the CEO and was able to do it because of their sloppy security habits.

Stanford Hospital and the related departments MUST tighten security at all levels, starting with social engineering issues ( like a doctor leaving patient data on the computer when he/she/it leaves the room ) to the CEO leaving their PRIVATE e-mail address PUBLIC.

Both of the issues I describe I have personally witnessed when I had been treated at Stanford.

I didn't sue; but I DID notify Stanford about the laxness in their IT department when it came to security. No callbacks, just all the data on my treatments for FREE.

Therin lies the heart of the problem; HIPAA REQUIRES Cheap and total access to the data TO A PATIENT ( the P in HIPAA is the word PORTABILITY not PRIVACY as some shyster HOSPITALS and DOCTOR OFFICES claim on their forms ), but TIGHT security to everyone else that requests or is given the patient data.

That makes Stanford available for a CULPABLE NEGLIGENCE suit; they knew they had this problem for YEARS and they didn't fix it.

Sorry, Stanford Hospital, but you were warned....


 +   Like this comment
Posted by concerned citizen
a resident of Community Center
on Oct 4, 2011 at 4:04 pm

it appears that Stanford wasn't the party that divulged the information but rather the collection agency they employed. Stanford should have made sure that the company they hired had airtight controls before entrusting them with HIPPA information. Stanford was the source of the original information and turned it over to this agency who blatantly ignored HIPPA regulations. When one outsources, one needs to be assured of quality control-this was not the case here. Maybe they were the cheapest?


 +   Like this comment
Posted by a victim of the breach
a resident of Downtown North
on Oct 4, 2011 at 10:38 pm

Stanford Hospital thinks it can solely blame "unprofessional vendors" and in doing so, dismiss it's own responsibility of due diligence in evaluating vendors. The vendors they chose no longer have web presence; they removed ALL their profiles, websites, and information the week the story broke. These vendors are basically one-man companies. These vendors are anything but professional and established... and Stanford gave them MY records, and yours (if you have been a patient at SHC in the past few years.) This is not about identity theft, this is about breach of patient confidentiality. Period. If the Hospital had given the records to a local hot dog vendor, I can guarantee they would be still be pointing a finger at someone other than themselves.


 +   Like this comment
Posted by susie
a resident of College Terrace
on Oct 5, 2011 at 1:47 am

I think it is REALLY important for the world that this lawsuit be successful.

The publishing of medical records in a country where insurance can be denied or a job lost based on "health" comprises criminal negligence.

It is important not just to reimburse these people but to the rule of law.

Stanford has deep pockets. they should pay up.


 +   Like this comment
Posted by $$$
a resident of Another Palo Alto neighborhood
on Oct 5, 2011 at 8:23 am

People will sue for any free money, especially in this economy.


 +   Like this comment
Posted by Walter_E_Wallis
a resident of Midtown
on Oct 6, 2011 at 4:59 am

Walter_E_Wallis is a registered user.

Perhaps if we required parties to a class action lawsuit to pony up a retainer of, say $100 to be included...


 +   Like this comment
Posted by Patient
a resident of Charleston Gardens
on Oct 6, 2011 at 6:04 am

Well I'm one of those affected by the breach. And I didn't go into the ER to get treated and then have my information splattered all over the internet. So I'm all for it.


 +   Like this comment
Posted by Brian McGinley
a resident of another community
on Oct 6, 2011 at 8:25 am

The breach of data at Stanford Hospital and Clinic demonstrates the need for companies to thoroughly vet all third party vendors and contractors. Despite the information being properly secured by Stanford Hospital, the third party failed to properly secure and manage the information once it was in their hands. It is important to do the appropriate due diligence before engaging a vendor with whom you will be sharing sensitive information and then insuring the appropriate protection, notification, insurance requirements as well as liability considerations are appropriately stated and enforced within in the contract. Companies using external resources for any managing of information need to conduct a review of the third party's practices in protecting and sharing data. Failure to do so puts your customers, partners and your company at risk.

Signed,
Brian McGinley
SVP, Data Risk Management
Identity Theft 911
idt911.com


 +   Like this comment
Posted by victim of the breach
a resident of Downtown North
on Oct 6, 2011 at 8:35 am

Well here's the funny thing.... this was simply ONE batch of 20,000 records that was revealed, by those "vendors" has been sent, were given access, to many many more records over the past few years.... maybe even your record. And if you read the New York Times most recent article (today), you'll get a sense of how unprofessional these selected vendors were. Stanford Hospital sent patient records to a one-man "company" who then gave the information to someone he was interviewing for a job! The job applicant was given legally protected confidential data, and then posted it online. ...Isn't that special!

As for the snide remarks about a class action....victims don't get rich from class actions... if any of you want a whooping $1000 in exchange for posting your most confidential health and medical data on some frivolous student website, than just wait.... it could happen for you sooner or later, or maybe already has.


 +   Like this comment
Posted by victim of the breach
a resident of Downtown North
on Oct 6, 2011 at 8:42 am

I apologize for all the typos, using an iPhone. here is what I intended:

Well here's the funny thing.... this was simply ONE batch of 20,000 records that was revealed, but those "vendors" had been sent, and given access, to many many more records over the past few years.... maybe even your record. And if you read the New York Times most recent article (today), you'll get a sense of how unprofessional these selected vendors were. Stanford Hospital sent patient records to a one-man "company" who then gave the information to someone he was interviewing for a job! The job applicant was given legally protected confidential data, and then posted it online.

As for the snide remarks about a class action....victims don't get rich from class actions... if any of you want a whooping $1000 in exchange for posting your most confidential health and medical data on some frivolous student website, then just wait.... it could happen for you sooner or later, or maybe already has.


 +   Like this comment
Posted by perfect
a resident of Southgate
on Oct 6, 2011 at 9:06 am

It is ok to write imperfect grammar, it is ok to have an imperfect life and it is ok to know that they had lost our records, coz life is full of imperfect events.


 +   Like this comment
Posted by disbelief
a resident of Los Altos
on Oct 6, 2011 at 10:04 am

> to Perfect
Somehow that doesn't compute. Why have laws and regulations if life is so "imperfect?" How absurd to equate a few words of one individual's imperfect grammar with the sweeping imperfect responsibility of a medical institution. Why even have HIPPA rules at all in such an imperfect world?


 +   Like this comment
Posted by perfect
a resident of Southgate
on Oct 6, 2011 at 10:20 am

The government creats the law,some are for wars, some are for oils,some are for riches,so they are impecfect also.


 +   Like this comment
Posted by disbelief
a resident of Los Altos
on Oct 6, 2011 at 10:43 am

Yes, "perfect." The patient who goes to the Stanford Hospital emergency room for (culturally stigmatized) HIV complications, or the woman who seeks treatment after a violent rape, should expect to have their confidential medical data openly displayed on the web for all to see. We should just smile at them and say, "hey, it's an imperfect world. Get over it!"


 +   Like this comment
Posted by perfect
a resident of Southgate
on Oct 6, 2011 at 10:52 am

Yeah, what you can do, ask the students who saw it to spit it out from their throats.How funny!!!!!!!!


 +   Like this comment
Posted by Jon Michaels
a resident of Gunn High School
on Mar 5, 2014 at 9:50 am

Stanford University is one of the most corrupt institutions. Never send your kids to Stanford for an education.


 +   Like this comment
Posted by Mom
a resident of Palo Alto High School
on Mar 5, 2014 at 10:43 am

@Jon: It's acceptance letter time. I'm guessing your senior didn't gain an acceptance letter to Stanford? The only way for Palo Altans to be admitted to Stanford is through connections.


Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.

Email:


Post a comment

Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online. Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information and opinion. All postings are subject to our TERMS OF USE, and may be deleted if deemed inappropriate by our staff.

We prefer that you use your real name, but you may use any "member" name you wish.

Name: *

Select your neighborhood or school community: * Not sure?

Comment: *

Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.

*Required Fields

Mixx, Scott's Seafood replacement, opens in Mountain View
By Elena Kadvany | 4 comments | 2,254 views

Ten Steps to Get Started with Financial Aid
By John Raftrey and Lori McCormick | 1 comment | 1,580 views

All Parking Permits Should Have a Fee
By Steve Levy | 21 comments | 1,465 views

For the Love of Pie
By Laura Stec | 5 comments | 1,328 views

Repeating and “You” Sentences
By Chandrama Anderson | 4 comments | 882 views