Records Security Breach at Cottage Hospital

32,500 Patient Files Compromised

Thursday, December 12, 2013

Cottage Hospital administrators notified 32,500 patients that the security protections limiting outside access to their health records had been removed by a third-party vendor, posing the possibility that the contents of these records may have been breached. “At this time, there is no evidence to suggest that anyone has used the information stored on the server,” stated Steven Fellows, Cottage executive vice president.

According to Fellows’s memo, the files in question contained the medical records of up to 32,500 patients who’d been treated at Cottage’s Goleta, Santa Ynez, and Santa Barbara centers between September 29, 2009, and December 2, 2013. According to Fellows, the files contained no financial information, driver’s licenses, or Social Security numbers. They did, however, contain some medical details relating to diagnosis, lab test results, and procedures performed.

Cottage spokesperson Maria Zate stated in a press release that the vendor has since been terminated and that Cottage is conducting an audit of security protocols to determine whether other breaches may have occurred. To date, she said, there’s no evidence to suggest that’s happened.

Zate said the vendor removed the electronic security device without notifying Cottage. The hospital learned of it when an unnamed third party left a voicemail on Cottage’s phone system, alerting hospital administrators that health details relating to one patient had surfaced during a Google search.

Cottage mailed the notice last Friday and has received some calls back, said Zate, “But the phones haven’t been ringing off the hook.” She said Cottage is offering a range of remedial security services for any patients who are interested.


And not a mention of Obamacare! Isn't this a privately run hospital? You mean everything run privately isn't perfect? I'm shocked.

sharpen123 (anonymous profile)
December 11, 2013 at 9:34 p.m.

Obamacare's demand for 100% electronic records is badly ill-advised; just like everything else about Obamacare. But couldn't be a better legacy for someone who never should have been elected to any office, ever.

foofighter (anonymous profile)
December 11, 2013 at 10 p.m.

This is about a breach in security of privately owned hospital medical records. My argument is that not everything done privately is done well. I have heard that EVERYTHING is always done better privately. This proves my point.

sharpen123 (anonymous profile)
December 11, 2013 at 10:21 p.m.

You are not making your point at all. Who forced electronic records on the private business in the first place? The government. Just like who forced banks to issue liar loans in the housing meltdown. The government.

When hospitals function primarily on government funding from Medicare to government employee gold-plated health insurance plans, you can no longer call them "private industries".

Please take some basic business finance courses and learn the difference, if there is anything even left in purely private business anyway in this land of government intrusion, interference and regulations.

foofighter (anonymous profile)
December 12, 2013 at 9:56 a.m.

sharpen123, the argument is NOT that "private industry always does everything right".

The argument is that if government does it then they create a monopoly on the industry and if they mess it up there is no competition and we are stuck with them.

If private industry messes up, there are alternatives and competition. Nobody is holding a gun to your head forcing you to purchase services from the private market - oh wait - the government forces you to purchase products and services from the private market like utilities and now health insurance... not to mention everything they subsidize from GMO corn and wheat to generations of cheap oil that has cost millions in innocent lives lost in wars and occupation of the Middle East. And we wonder how we got addicted to oil.

foofighter is correct that government is pushing for electronic medical records. I think they are inevitable and it isn't necessarily a bad thing in theory. If you get injured in an accident in another state and they take you to the hospital, it might be nice for them to find out things like medication allergies or any installed equipment with a simple search, but it should be a service offered to patients rather than foisted on them through government regulation.

loonpt (anonymous profile)
December 12, 2013 at 11:22 a.m.

If medical records are so critical for the individual to have in the case of an accident in another jurisdiction, why is it the government's obligation to make those records available? It is the individual's obligation to carry this critical information with them at all times.

Are you catching on what the nanny-state mentality is all about?

Predicated on the never-proven theory that the government as a remote behemoth does a better job than the individual who has their own interest at stake and should be the primary person responsible for protecting those interests.

Plus you have created a fantasy scenario that has little viability in modern health care. Using "what ifs" to generate more government intrusion into our lives for no net benefit is what has gone so wrong with this country.

The first knee-jerk reaction needs to be --- that is the responsibility of the individual to take care of their own needs; not create another massive government bureaucracy to act as a substitute nanny but with no inherent accountability or mission.

foofighter (anonymous profile)
December 12, 2013 at 11:52 a.m.

Foo you carry your own entire medical history with you at all times?

It's amazing what those gears inside your skull spin out in a desperate attempt to appear to be what you imagine a Conservative to be after years of Limbaugh indoctrination.

Ken_Volok (anonymous profile)
December 12, 2013 at noon

So much hate and anger foo. Never should have been elected to any office? I suppose you prefer old white men who are bought and paid for governing you? Oh wait, they are all bought and paid for outside of their take home pay.

spacey (anonymous profile)
December 12, 2013 at 12:49 p.m.

Good debate to parse out. Standard stuff. Defenses vacuous and avoid the main point: price of the nanny-state. Both fiscal prices and personal prices when turning over one's life to the government to be there for you 24/7, instead of yourself.

If you want to continue with the substance of this discussion, keep reading. The whole point of MedAlert dog tags was to warn MDs if you have any sort of life-threatening condition you feel is important for someone to know if you lost consciousness.

Low tech, cheap and done by personal initiative for those in need; not foisted indiscriminately on the wider population and demanding someone else pay for this purely hypothetical "what if" mandate.

More disturbing are the early reports finding electronic record keeping is increasing the cost of medical services because of the ease of responding to boilerplate algorithms per patient, rather than delivering individualized and contextual care. In this way indeed we are moving into the world of the "single provider" -- a computer who tells you what you need and then bills you according to treatment; not outcomes.

foofighter (anonymous profile)
December 12, 2013 at 1:03 p.m.

I'll say one thing though. Cottage Hospital shouldn't be asking for the SSNs of its patients. The only people that should give their SSN to a doctor or a hospital are those that work for them. I've had doctors and hospitals give me grief for not providing my SSN, but it is not and should not be required for treatment.

Botany (anonymous profile)
December 12, 2013 at 1:24 p.m.

Botany, unless you pay upfront for the services to be rendered to you at Cottage or any healthcare facility, they will ask you for your SSN because they are extending credit to you. Even if you are covered by insurance, that is no guarantee of full payment and thus to protect themselves financially they will ask you for your SSN should they need to seek collection proceedings for failure to pay. You can't walk into a bank and ask for credit and refuse to give your SSN... same principle applies here.

johninsb (anonymous profile)
December 12, 2013 at 1:59 p.m.

No, you are not asking for credit. Using your argument, every contractor I deal with should be asking my SSN before we do business. You are paying for services rendered. Certainly they can ask for proof of insurance or demand payment when services are rendered.

Botany (anonymous profile)
December 12, 2013 at 2:20 p.m.

Yes Botany, you argue that they "shouldn't" ask for an SSN; they have a right to ask for information that best can protect them financially. When they render services to you and you do not pay upfront they are extending you credit, and so does a contractor, except a contractor makes a business choice not to ask you for your SSN. You do have an option, should you refuse to give information, to select another healthcare provider.

johninsb (anonymous profile)
December 12, 2013 at 2:30 p.m.

Anyone taking an Obamacare patient is also extending credit because they get a two month free ride if they stop paying their premiums. First month has to be covered by the insurance company, but the next two before the plan gets canceled are at the health care provider's expense.

Who pays for the deductibles when people are forced to sign up for health insurance they claimed they never wanted or could afford in the past? Will they magically now have cash on hand to pay for deductibles?

Where is there any viable study proving "preventive" care returns cash to the system? Seriously, where is this study besides in someone's fantasy land of theoretical thinking?

foofighter (anonymous profile)
December 12, 2013 at 3:07 p.m.

Well, I guess the point is they can ask for anything, and I can refuse to give what they ask for or not. They can ask for my toenail clippings for all I care. And they can refuse care if I don't provide them. (except a hospital emergency dept.)

Botany (anonymous profile)
December 12, 2013 at 3:27 p.m.

Who is the vendor?

Last I heard it was CIO Solutions.
If that is not accurate please feel free to correct me.

I wonder if CIO is liable to the people they have damaged or would it be Cottage? Good for the hospital for at least firing the responsible party.

I hope the situation does not worsen because I just got a letter in the mail that my information was compromised.

mesamiriam (anonymous profile)
December 12, 2013 at 7:30 p.m.

One major issue that has risen on the privacy of the US network for electronic health records is the strategy to secure the privacy of patients. Former US president Bush called for the creation of networks, but federal investigators report that there is no clear strategy to protect the privacy of patients as the promotions of the electronic medical records expands throughout the United States. In 2007, the Government Accountability Office reports that there is a "jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers."[67]

Within the private sector, many companies are moving forward in the development, establishment and implementation of medical record banks and health information exchange. By law, companies are required to follow all HIPAA standards and adopt the same information-handling practices that have been in effect for the federal government for years. This includes two ideas, standardized formatting of data electronically exchanged and federalization of security and privacy practices among the private sector.[69] Private companies have promised to have "stringent privacy policies and procedures." If protection and security are not part of the systems developed, people will not trust the technology nor will they participate in it.[67]


Blaming Obamacare is false, as usual.

tabatha (anonymous profile)
December 13, 2013 at 6:39 a.m.

The backlog of claims more than four months old stands at almost a half-million. The delays used to be even worse: Under relentless pressure from Congress, veterans groups and the news media, the VA finally started shrinking the claims backlog this year. But the lethargic department doesn't plan to clear it completely for at least two more years, and veterans will still have to wait up to four months for an answer on their claims. That's a pitiful, unambitious goal, and there's deep concern that the VA can't even meet it.

Things got this bad because no one at the VA apparently had the wit to look at the numbers and plan for the enormous wave of veterans that would be coming their way.

Most of the causes are obvious: Huge numbers of vets filing claims, an antiquated system that keeps most records on paper despite a long-promised effort to digitize them, and a maddening disconnect between the VA and the Pentagon over getting veterans' medical records.

tabatha (anonymous profile)
December 13, 2013 at 6:43 a.m.
