Dive Brief:
- Stanford Hospital and Clinics is facing a $4.1 million class action settlement after violating California's health privacy law, the Confidentiality of Medical Information Act.
- The settlement, approved last week in Superior Court, stems from a 2010 incident when protected health information on nearly 20,000 of its patients was wrongfully posted to a student website. The information, which remained public for a year, included medical diagnoses and patient names.
- One of those patients filed the $20 million class-action lawsuit against Stanford and business associate Multi-Specialty Collection Services, which was found partly responsible.
Dive Insight:
This suit is a reminder of at least two things: that violating state privacy laws can be very expensive and that insufficiently supervising your business associates can be disastrous. It also makes you wonder how private information could remain publicly accessible for an entire year without raising any red flags. Clearly, something important was missing in Stanford's ongoing privacy protection efforts.