A hospital and its subcontractors agreed to settle a class action lawsuit alleging violations of California’s health privacy law after the private health information of roughly 20,000 individuals was posted publicly for nearly one year. Plaintiffs, patients at Stanford Hospital's Emergency Department, filed a class action in September 2011 alleging that Stanford’s billing subcontractor posted confidential and sensitive medical information, including Stanford patients’ names, medical records, hospital account numbers, admission/discharge dates, diagnoses codes, and billing charges on a public website called Student of Fortune, an online marketplace for students needing help with homework, for almost a full year. The complaint alleges that such disclosure violated California’s Confidentiality of Medical Information Act, which prohibits health care providers from disclosing a patient’s medical information without first obtaining written authorization from the patient. Judge Elihu Berle said that he would most likely grant approval of the parties’ settlement agreement, which currently provides about $100 to each class member and provides for $500,000 for the creation of an education program to avoid similar instances in the future.   

TIP: This case is a reminder to look at the activities of your subcontractors, especially those entrusted with confidential information.