The breach was discovered by a patient and reported to the hospital on Aug. 22, according to a letter written four days later to affected patients by Diane Meyer, Stanford Hospital’s chief privacy officer. The hospital took “aggressive steps,” and the Web site (removed) the post the next day, Ms. Meyer wrote. It also notified state and federal agencies, Mr. Migdol said.
“It is clearly disturbing when this information gets public,” he said. “It is our intent 100 percent of the time to keep this information (confidential) and private, and we work hard every day to ensure that.”
Diane Dobson, of Santa Clara, Calif., said her “jaw dropped” on Saturday when she intercepted the letter from Ms. Meyer (addressed) to her 21-year-old son, who she said had received emergency psychiatric treatment at Stanford in 2009. Ms. Dobson said it could have been (disastrous) if her son, who lives at home, had learned that his name was linked to a mental health diagnosis.
“My son, I can tell you, is fragile and (confused) enough that this would have sent him over the edge,” Ms. Dobson said, saying she decided to speak publicly now because of her (frustration) with the breach. “Everyone with an electronic medical record is at risk, and that means everyone.”
Records compiled by the Department of Health and Human Services reveal that personal medical data for more than 11 million people have been improperly exposed during the past two years (alone).