Update: Kaiser Permanente patient data exposed online

Computerworld - A disgruntled former employee at Kaiser Permanente, a health maintenance organization in Oakland, Calif., posted a link to a Web site containing the personal information of 140 Kaiser patients -- an effort, she said, to call attention to a potential breach of privacy laws by the company.
The company had sought a restraining order in Alameda County Superior Court against the woman, Elisa D. Cooper, who posted the information on her Web log, according to Kaiser spokesman Matthew Schiffgens. That request was turned down, but another hearing on the matter is set for March 23.
Schiffgens said Cooper, also known as the "Diva of Disgruntled," continued to post the information despite a cease-and-desist request from Kaiser, which learned about her allegations in January from the U.S. Office of Civil Rights -- the enforcement arm under the Health Insurance Portability and Accountability Act. The federal agency began looking into the matter after the woman filed a complaint with it.
The company is investigating whether it had a hand in exposing the data. In the meantime, Cooper has agreed not to further use or publicly disseminate the personal data of Kaiser members on the Internet or elsewhere pending further court action.
According to Schiffgens, the data exposed included contact information such as names, addresses and telephone numbers, as well as medical record numbers that are unique identifiers within Kaiser Permanente. For a very small portion of the HMO's members, some routine lab information was also posted, he said.
Kaiser is now contacting the affected patients while it tries to determine on its own how the patient information became public. Cooper said she stumbled on it while doing a search for information about the company; Schiffgens denied that the data would have been publicly available.
"We're aware of the individual's allegations as to Kaiser Permanente posting this information to the Web," he said. "Our investigations have not been able to determine that, and we continue to investigate how this information came into her possession. What I can say is that Kaiser had a Web site that made various different schematics available so that remote IT people could do their work and see the schematics of the systems they were working on."

Cooper, who described herself in an e-mail message to Computerworld as a former "Web coordinator" for the HMO, claimed that the Web site she found contained diagrams of Kaiser systems, as well as the confidential patient data. In fact, she said she accessed the site using Google.
"I had been trying to