Tuesday, June 21, 2005

A Cautionary Tale About Health Care IT in the Real World

The Los Angeles Times reported another cautionary tale about the down-side of health care information technology (IT) in the real world. Apparently the Kaiser Permanente managed care organization, while testing electronic medical record (EMR) software, put up records of about 150 real patients on an unprotected web-site in 1999, and kept the web-site active until January 2005. Kaiser did not tell patients that their unprotected data had been available on the web for years until three months ago, according to the Times.
The problem first became public when a former Kaiser employee, Elisa D Cooper, posted about it, including links to the Kaiser web-site, on her blog. (I can't find her original blog, which may no longer be available on the web, but her current blog is here.) Kaiser then sued Cooper for invasion of privacy and breach of contract, even though, according to the San Francisco Examiner, she had been fired by Kaiser in 2003.
Beth Givens, the director of Privacy Rights Clearinghouse, commented that the incidents shows "just how vulnerable these systems can be." This is just one more case to think about the next time someone touts the EMR as the cure for all health care ills.
And it's also a reminder how large health care organizations, even ones with reputations as benign as Kaiser's is, at least out here in the East, react to whistle-blowers who publicly point out their managers' errors.


Anonymous said...

Hi, I'm the blogger mentioned in the article.

The blog you link to is my blog. There is no old one, and I haven't edited my current one, so you can still find everything there.

I didn't post any patient information on my blog - that has been widely misreported. I did like to a public web site that Kaiser posted (since 1999!). I also linked to a mirror site that I made to preserve the evidence while I was trying to get the Office of Civil Rights to investigate. My only intent was to keep Kaiser from covering it up, and this site went down as soon as it was clear it was going to be investigated.

pansophia said...

Just reinforcing my comment I wrote on your other post. I did not lose my job at Kaiser over anything to do with security, technology, or whistleblowing. I found Kaiser's Systems Diagrams on the public Internet over a year and a half after I lost my job. The DMHC determined the site had been on the web for around five years.

I lost my job because I had an evil manager. I tried to avoid getting involved in her scheme against a rival manager, and she decided I "wasn't a good fit". There were no performance issues - I was a great employee. Kaiser HR had to destroy all email evidence and give me the run around for seven months to cover up what she did.

Now I have been wronged three times. First by Kaiser choosing to cover up for managerial misconduct at the expense of my job. Second, by Kaiser's attempt to frame me after I found their web site (and I can't begin to count the other wrongs that have stemmed from that), and now here's a good blog - one that has always had my respect - helping to spread Kaiser's lie!

I regret I caught your post so late. Since there was a link on the Daily Kos, god knows how many people have read the false allegation you've helped to spread.

Roy M. Poses MD said...

Please read the above post carefully. The posting does state, as per the San Francisco Chronicle story, that Kaiser left the patient information on an unprotected web-site from 1999 to 2005, This was the core issue, and apparently no one now disputes it. Ms Cooper was terminated by Kaiser in 2003. My posting includes no opinion or conclusions as to why this happened. The San Francisco Chronicle story, from which I obtained the information, is still up on the web. It includes accusations by Kaiser against Ms. Cooper, and accusations by Ms. Cooper against Kaiser.