post by Bill Gardner
Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test, the hospital and contractors confirmed this week. The applicant then sought help by unwittingly posting the confidential data on a tutoring Web site.
- Stanford outsourced some of the billing for its emergency department, and thought it was sending a spreadsheet of data on those patients to a collection company.
- In fact, it was sending the data to a marketing firm hired by the collection company.
- The marketer was looking to hire someone who could analyze hospital data. He sent the spreadsheet to a job candidate, as part of a problem he wanted her to solve.
- Looking for help in solving the problem, she posted the data on a web forum.
- There it sat for a year for anyone to look at.
This is data leakage. It's not a Mission Impossible data heist. It is just a random collection of people taking shortcuts to get things done. Probably knowing that something bad might happen, but, hey, it won't happen this time.
It is absolutely critical for the future of better health care that we fix this. Analyzing health data at the individual level is the essence of what personalized, smart, evidence-based medicine is about. If we cannot protect health information, countries will pass excessive privacy laws that will make it impossible to analyze health information at the individual level. The fix has to involve norms, technologies, and procedures that make it easy to use data in protected ways, and hard to use it in unsafe ways.