Stanford Hospital Agrees to $4M Data Breach Class Action Settlement

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

On Wednesday, a California judge indicated his intent to grant preliminary approval to a $4.1 million class action settlement over allegations Stanford Hospital & Clinics violated a state privacy law when it allowed the confidential medical records of thousands of patients to be posted on a commercial website for close to a year.

Los Angeles Superior Court Judge Elihu Berle asked the parties to make small changes to the notification form before he will approve the class action settlement, which will likely provide Class Members with $100 each. The proposed Stanford data breach settlement also sets aside $500,000 for an education program designed to prevent similar data breaches from occurring in the future.

On Aug. 22, 2011, a patient notified Stanford Hospital & Clinics that patient information was posted online. Stanford confirmed the data breach in September 2011 and revealed that the released information included medical record numbers, hospital account numbers, billing charges, and emergency room admission and discharge dates. It also allegedly revealed a patient’s psychiatric diagnosis. No Social Security or credit card numbers were affected by the data breach, according to Stanford.

After Stanford confirmed the data breach, Shana Springer filed the class action lawsuit on behalf of fellow patients who were treated in Stanford’s emergency room between March 1, 2009 and Aug. 31, 2009.

According to the class action lawsuit, the patients’ confidential medical information was contained in a spreadsheet posted on a homework help website called Student of Fortune, which offered to pay someone to create a graph to display the data. Stanford alleged that it had provided the spreadsheet in an encrypted format to Multi-Specialty Collection Services LLC, Stanford’s billing subcontractor. Stanford put the blame for the data breach squarely on the shoulders of the subcontractor, claiming that Multi-Specialty Collection Services “mishandled” the patient data.

The class action lawsuit alleges that Stanford and Multi-Specialty Collection Services violated the California Confidentiality of Medical Information Act, which prohibits medical providers from disclosing patients’ medical information without their written consent.

The Stanford data breach lawsuit initially sought damages in the amount of $1,000 per affected patient. Approximately 20,000 patients were allegedly affected by the data breach. While the payout proposed by the class action settlement offers substantially less money to Class Members, the class action attorneys state that the Stanford data breach settlement would be the largest of any medical data breach settlement to date.

Further information about the Stanford data breach settlement was not immediately available. Keep checkingTopClassActions.com or sign up for our free newsletter for the latest updates. You can also mark this article as a “Favorite” using your free Top Class Actions account to receive notifications when this article is updated.

The plaintiffs are represented by Richard L. Kellner of Kabateck Brown Kellner LLP.

The Stanford Hospital Data Breach Class Action Lawsuit is Shana Springer, et al. v. Stanford Hospitals & Clinics, et al., Case No. BC470522, in the Superior Court of the State of California, County of Los Angeles.