Update: Kaiser Permanente patient data exposed online
The company is pointing a finger at a former employee
Computerworld - A disgruntled former employee at Kaiser Permanente, a health maintenance organization in Oakland, Calif., posted a link to a Web site containing the personal information of 140 Kaiser patients -- an effort, she said, to call attention to a potential breach of privacy laws by the company.
The company had sought a restraining order in Alameda County Superior Court against the woman, Elisa D. Cooper, who posted the information on her Web log, according to Kaiser spokesman Matthew Schiffgens. That request was turned down, but another hearing on the matter is set for March 23.
Schiffgens said Cooper, also known as the "Diva of Disgruntled," continued to post the information despite a cease-and-desist request from Kaiser, which learned about her allegations in January from the U.S. Office of Civil Rights -- the enforcement arm under the Health Insurance Portability and Accountability Act. The federal agency began looking into the matter after the woman filed a complaint with it.
The company is investigating whether it had a hand in exposing the data. In the meantime, Cooper has agreed not to further use or publicly disseminate the personal data of Kaiser members on the Internet or elsewhere pending further court action.
According to Schiffgens, the data exposed included contact information such as names, addresses and telephone numbers, as well as medical record numbers that are unique identifiers within Kaiser Permanente. For a very small portion of the HMO's members, some routine lab information was also posted, he said.
Kaiser is now contacting the affected patients while it tries to determine on its own how the patient information became public. Cooper said she stumbled on it while doing a search for information about the company; Schiffgens denied that the data would have been publicly available.
"We're aware of the individual's allegations as to Kaiser Permanente posting this information to the Web," he said. "Our investigations have not been able to determine that, and we continue to investigate how this information came into her possession. What I can say is that Kaiser had a Web site that made various different schematics available so that remote IT people could do their work and see the schematics of the systems they were working on."
Cooper, who described herself in an e-mail message to Computerworld as a former "Web coordinator" for the HMO, claimed that the Web site she found contained diagrams of Kaiser systems, as well as the confidential patient data. In fact, she said she accessed the site using Google.
"I had been trying to dispute my termination, but Kaiser would not allow
- Building a New Era in Enterprise IT As the digital revolution spawned by the explosive growth of disruptive technologies such as mobile, cloud, social, and analytic tools continues to fundamentally...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- AIIM Trendscape: The New Mobile Reality This AIIM Trendscape report shares data, expert opinions, and a unique perspective on the impact of cloud and mobility in the enterprise, surfacing...
- Empowering Your Mobile Workers A modern mobile IT strategy is no longer an option, it is an absolute necessity. Here's how some of the nation's most progressive...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!