The vendor, identified by Mr. Migdol as Multi-Specialty Collection Services L.L.C., based in Los Angeles, is (described) on its Web site as a (subsidiary) of Texican Inc. Joe Anthony Reyna, who is listed in state and commercial records as Texican’s principal, did not (respond) to messages left at his office and home.
Mr. Migdol said the company created the spreadsheet as part of a billing-and-payment analysis for the hospital. He said the hospital immediately suspended its relationship with the (contractor) and received written certification that previous files would be destroyed or returned securely.
Tina Warner, a vice president at Chegg, an online company that bought Student of Fortune in August, said the site’s (principals) were unaware the data had been posted until informed by the hospital. They then “took it down within 30 seconds,” she said. Ms. Warner said the (identity) of the person who posted the Stanford data could not be determined from the user name.
Bryan Cline, a vice president with the Health Information Trust Alliance, a nonprofit company that establishes privacy guidelines for health providers, said nearly 20 percent of breaches (involved) outside contractors, accounting for more than half of all the records exposed.
Dr. Cline said health care providers depend (unjustifiably) on legal contracts with vendors to protect medical records. “That just doesn’t work, as we can see,” he said. “You have to do due diligence, something to assure yourself that the people you’re giving your data to can be trusted.”