Regulators Fine Kaiser Unit $200,000 | LAT | 6.21.05
The state imposes the penalty for breaching patient confidentiality in exposing health records on the Web.
State regulators Monday fined a division of Kaiser Permanente $200,000 for exposing on the Internet the confidential health records of about 150 patients for as long as four years.
The nation’s largest nonprofit health insurer began a test program to make medical records of some of its members available electronically to physicians, and to give members access to their own records over the Internet.
But the Kaiser website in 1999 included confidential patient information, such as addresses, phone numbers and lab tests, that was available for public viewing. Oakland-based Kaiser did not remove the site until it was brought to the attention of federal authorities in January 2005, according to the California Department of Managed Health Care.
And Kaiser told patients about the medical records just three months ago, after it was reported in the media, the state said.
“Not only was this a grave security breach, Kaiser did not actively work to protect patients until after they had been caught,” said Cindy Ehnes, director of the state agency. “We’re imposing this fine because we consider this act to be irresponsible and negligent at the expense of members’ privacy and piece of mind.”…
A former Kaiser Web coordinator, Elisa D. Cooper, 35, first brought the security breach to the public’s attention by posting links to the site on her blog. The Berkeley resident then notified civil rights authorities. Kaiser then sued her, accusing her of invasion of privacy and breaking a confidentiality agreement; that suit is still pending in Alameda County Superior Court. Cooper was let go by Kaiser in 2003.…
See Diva’s saga here.
If “MasterCard International reported…more than 40 million credit card accounts of all brands might have been exposed to fraud through a computer security breach at a payment processing company…[.]” MasterCard Says 40 Million Files Put at Risk, New York Times, June 18, 2005. What do you imagine the security breaches from healthcare will be? More or less? Compare the IT and security infrastructures between the banking and credit industries with healthcare. We should be very scared!