Stanford Hospital and Clinics in Palo Alto, Calif., is investigating how the private medical records of 20,000 emergency room patients were posted online for nearly a year, the New York Times reported today.
The breach landed a spreadsheet of patient names, diagnoses and billing charges on the homework help website StudentofFortune.com. The spreadsheet, uploaded to the site Sept. 9, 2010 and discovered by a patient Aug. 26, 2011, was attached to a question about converting the data into a bar graph, the Times reported.
The spreadsheet has been taken offline and affected patients have been notified.
The breach is the latest linked to the emergence of electronic medical record keeping as a cheaper, more accessible alternative to paper charts. Since 2009, the Department of Health and Human Services estimates that personal medical information for more than 11 million people has been exposed. Stolen computers, hacked networks and misdirected e-mails are just a few ways the files fall into the wrong hands, the Times reported.
But paper charts aren’t immune to privacy problems. Last year Massachusetts General Hospital agreed to pay a $1 million fine after an employee left paper records on a subway during a morning commute.
Experts say electronic medical records hold promise in streamlining health care for patients who see multiple doctors and take multiple medications, some of which may be dangerous in combination. But like all tools in a doctor’s bag, electronic records are only effective in skillful hands.