St Joseph Health, a healthcare system based in Irvine, Calif, has reached a $7.5 million settlement agreement in a class action lawsuit involving nearly 32,000 patients whose health data was inadvertently released online, according to a report by Fierce Healthcare.
Court records indicate that in January 2012, a patient conducting a Google search discovered that her medical information was publicly accessible on the Web. She proceeded to notify St Joseph that her own records and those of several thousand other patients were available, including diagnoses lists, active medication lists, lab results, medication allergies, body mass index (BMI), blood pressure, smoking status, advance directive status, and demographic information, including spoken language, ethnicity, race, gender and birth date.
The information, which had been released accidentally, was allegedly available from February 2011 through February 2012. St Joseph notified its patients in mid-February 2012. Individuals affected by the data dump were patients at a number of St Joseph facilities, including Mission Hospital Regional Medical Center, St Jude Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital, Petaluma Valley Hospital Auxiliary, among others.
The settlement agreement mandates that St Joseph pay all patients whose medical information was accessible on the Internet during the 13-month window, for an average payment of about $236 per patient.
For more information, see the court documents.