The Los Angeles Times reported another cautionary tale about the down-side of health care information technology (IT) in the real world. Apparently the Kaiser Permanente managed care organization, while testing electronic medical record (EMR) software, put up records of about 150 real patients on an unprotected web-site in 1999, and kept the web-site active until January 2005. Kaiser did not tell patients that their unprotected data had been available on the web for years until three months ago, according to the Times.
The problem first became public when a former Kaiser employee, Elisa D Cooper, posted about it, including links to the Kaiser web-site, on her blog. (I can't find her original blog, which may no longer be available on the web, but her current blog is here.) Kaiser then sued Cooper for invasion of privacy and breach of contract, even though, according to the San Francisco Examiner, she had been fired by Kaiser in 2003.
Beth Givens, the director of Privacy Rights Clearinghouse, commented that the incidents shows "just how vulnerable these systems can be." This is just one more case to think about the next time someone touts the EMR as the cure for all health care ills.
And it's also a reminder how large health care organizations, even ones with reputations as benign as Kaiser's is, at least out here in the East, react to whistle-blowers who publicly point out their managers' errors.
"Minnesotans have been ill-served by their flagship university in this tragic affair" - "Leadership and transparency were lacking in research subject’s suicide," says the *Star Tribune* editorial board. Now there's an understatement. Read th...
13 minutes ago