Update: Kaiser Permanente patient data exposed online
The company is pointing a finger at a former employee
Computerworld - A disgruntled former employee at Kaiser Permanente, a health maintenance organization in Oakland, Calif., posted a link to a Web site containing the personal information of 140 Kaiser patients -- an effort, she said, to call attention to a potential breach of privacy laws by the company.
The company had sought a restraining order in Alameda County Superior Court against the woman, Elisa D. Cooper, who posted the information on her Web log, according to Kaiser spokesman Matthew Schiffgens. That request was turned down, but another hearing on the matter is set for March 23.
Schiffgens said Cooper, also known as the "Diva of Disgruntled," continued to post the information despite a cease-and-desist request from Kaiser, which learned about her allegations in January from the U.S. Office of Civil Rights -- the enforcement arm under the Health Insurance Portability and Accountability Act. The federal agency began looking into the matter after the woman filed a complaint with it.
The company is investigating whether it had a hand in exposing the data. In the meantime, Cooper has agreed not to further use or publicly disseminate the personal data of Kaiser members on the Internet or elsewhere pending further court action.
According to Schiffgens, the data exposed included contact information such as names, addresses and telephone numbers, as well as medical record numbers that are unique identifiers within Kaiser Permanente. For a very small portion of the HMO's members, some routine lab information was also posted, he said.
Kaiser is now contacting the affected patients while it tries to determine on its own how the patient information became public. Cooper said she stumbled on it while doing a search for information about the company; Schiffgens denied that the data would have been publicly available.
"We're aware of the individual's allegations as to Kaiser Permanente posting this information to the Web," he said. "Our investigations have not been able to determine that, and we continue to investigate how this information came into her possession. What I can say is that Kaiser had a Web site that made various different schematics available so that remote IT people could do their work and see the schematics of the systems they were working on."
Cooper, who described herself in an e-mail message to Computerworld as a former "Web coordinator" for the HMO, claimed that the Web site she found contained diagrams of Kaiser systems, as well as the confidential patient data. In fact, she said she accessed the site using Google.
"I had been trying to dispute my termination, but Kaiser would not allow
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts