Court orders blogger to stop posting Kaiser patient data
The woman had already promised not to do so
Computerworld - An Alameda County Superior Court judge yesterday ordered Elisa Cooper, a former Web coordinator at Kaiser Permanente, to stop posting and distributing the confidential information of 140 of its patients over the Internet (see story).
Although Cooper, who called herself the "diva of disgruntled," told the court she would keep the promise she made last week not to post the information, officials for the health maintenance organization in Oakland, Calif., sought the injunction anyway.
"We got a preliminary injunction in court," said Kaiser spokesman Matthew Schiffgens. "Both sides had the opportunity to portray why the injunction should or should not be served, and Cooper said, 'Why do we need an injunction?' She promised not to do it, but now if she does it, she will be in contempt of court and subject to court sanctions."
Schiffgens said he doesn't know what the sanctions are because Kaiser hasn't seen the injunction yet. "But this gives us remedy and gives our members an additional level of security to know the court takes this matter seriously," he said.
Kaiser learned of Cooper's actions in January from the U.S. Office of Civil Rights -- the enforcement arm under the Health Insurance Portability and Accountability Act. Cooper said she filed a complaint against Kaiser with the OCR after coming across the information on a public Web site. She also linked to the site from her weblog, and when Kaiser had the site taken down, she posted copies of the information on the Internet.
Schiffgens blamed Cooper for posting the information to a public Web site, saying the information was available only on a nonpublic corporate internet.
An internal investigation into the incident, he said, indicates that Kaiser inadvertently posted patient information -- including names, addresses, telephone numbers and, in some cases, lab test results for the 140 patients -- on an internet site for IT employees that was not secured. The information was included in schematic diagrams related to an application that generated letters for the lab reporting systems.
"It's safe to say ... that we were the ones who inadvertently posted patient information to our unsecured, unpublished internet site," Schiffgens said. "It would not have been discoverable by a Google search as [Cooper] indicates. Someone posted it.
"It was copied by, we believe, Miss Cooper and placed on a [public] site that could be found, and she used information that she gathered through her terms of employment to make that available," he said.
Schiffgens acknowledged that some other Kaiser IT employee could have made the information public. "I can't say definitely she wasthe one who posted it," he said.
Last Friday, the California Department of Managed Health Care issued a cease-and-desist letter to Cooper for unauthorized use of patient information. She has 15 days from that date to request a hearing on the matter.
In an e-mail to Computerworld, Cooper said she has not yet responded to that letter.
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts