Here’s a perfect example of why a non-medical company with no relationship to the patient should never be allowed access to patient information without permission first – as a bill that advanced in the Senate this week would allow.

Information on thousands of UCSF patients was
accessible on the Internet for more than three months last year, a
possible violation of federal privacy regulations that might have
exposed the patients to medical identity theft, The Chronicle has
learned.

The information accessible online included names and addresses of
patients along with names of the departments where medical care was
provided. Some patient medical record numbers and the names of the
patients’ physicians also were available online.

The breach was discovered Oct. 9, but the medical institution did
not send out notification letters to the 6,313 affected patients until
early April, nearly six months later.

…Hospital officials said it contracted with the
company to assist "with identifying names of individuals who could
potentially receive communications from UCSF."

Read the rest in today’s San Francisco Chronicle.