A California hospital faces a multi-million dollar class action lawsuit after private patient information was supplied to a business contractor and posted on the Internet, an indication of how sharing sensitive patient information — even with trusted business partners — can put you in danger of violating healthcare privacy regulations.
In a statement on its website, Stanford Hospital & Clinics (SHC) says that the breached patient data was provided to a contractor providing financial support services to the hospital as part of normal business procedures. SHC claims the contractor then improperly shared the data with a third party who posted the data on a public website. SHC stated that the hospital supplied the data in encrypted format to protect patient privacy, and that the contractor allegedly mishandled the data in violation of a privacy agreement with the hospital.
Notaries working in healthcare should always remember that any sensitive patient data they handle is protected under the Federal HIPAA rule, and sharing that information with any outside party — even a legitimate business partner — can result in data breaches similar to the SHC situation. When securing information in a journal of notarial acts or any other sensitive information they have access to, Notaries must always be sure to follow HIPAA privacy guidelines, relevant state privacy and notarial laws and workplace privacy policies.