• "One of the nation's premier plaintiffs' firms."

    American Lawyer

  • "Representing the best qualities of the plaintiffs' bar."

    The National Law Journal

  • "Their effective and caring advocacy for clients has earned Lieff Cabraser its first-class reputation."

    The Daily Journal
  • NLJ Hot List icon
  • U.S. News Best Lawyers badge 2011-2012
  • Super Lawyers Nationwide
  • National Law Journal Influential Attorneys badge
  •  
    Visit us on Facebook
    Follow us on Twitter
    View our YouTube channel
    Read our LinkedIn profile
    Visit us on Google+
Case Center

Stanford Hospital Medical Privacy Breach

  • Issue: Disclosure of confidential medical records

Stanford Hospital Patient Privacy Breach Investigation

Lieff Cabraser is currently investigating a medical privacy breach that led to the public online posting of 20,000 emergency room patients’ data during a nearly twelve month period from the Stanford Hospital in Palo Alto, California. The data was online since Sept 9, 2010 and included a spreadsheet with names, diagnosis codes, discharge dates, and billing charges. The data did not include Social Security numbers, birth dates, or credit-card information.

The breach was discovered by a patient and reported to the hospital on August 22, 2011. The website, called Student of Fortune, was removed the next day, and state and federal agencies were also notified.

As reported in The New York Times, Diane Dobson, of Santa Clara, California, whose son received psychiatric treatment at Stanford, was shocked to learn of the breach: “My son, I can tell you, is fragile and confused enough that this would have sent him over the edge. […] Everyone with an electronic medical record is at risk, and that means everyone.”

California Law on Protecting the Privacy Interests of Patients

California’s Confidentiality of Medical Information Act requires health care service plans to protect its subscribers’ confidential medical information and avoid disclosing the information to third parties except under very limited circumstances. The health plans must obtain patients’ written authorization to disclose their medical information to third party vendors.

In addition, California Civil Code section 1798.82 requires the businesses and entities that hold personal information must promptly disclose any breach of unencrypted personal information that was, or is reasonably believed to have been, acquired by an unauthorized person. The underlying purpose of section 1798.82 is to allow California residents whose personal information has been compromised to make an intelligent and prompt decision about what actions to take.

Contact Lieff Cabraser

If your private medical information has been compromised or posted online without your consent, please submit your complaint to Lieff Cabraser.

We represent patients and other individuals in multiple cases arising from breaches of private information and violations of privacy. We will review your case without charge and obligation. All information will be held strictly confidential.

Practice Areas