The Los Angeles Times reported another cautionary tale about the down-side of health care information technology (IT) in the real world. Apparently the Kaiser Permanente managed care organization, while testing electronic medical record (EMR) software, put up records of about 150 real patients on an unprotected web-site in 1999, and kept the web-site active until January 2005. Kaiser did not tell patients that their unprotected data had been available on the web for years until three months ago, according to the Times.
The problem first became public when a former Kaiser employee, Elisa D Cooper, posted about it, including links to the Kaiser web-site, on her blog. (I can't find her original blog, which may no longer be available on the web, but her current blog is here.) Kaiser then sued Cooper for invasion of privacy and breach of contract, even though, according to the San Francisco Examiner, she had been fired by Kaiser in 2003.
Beth Givens, the director of Privacy Rights Clearinghouse, commented that the incidents shows "just how vulnerable these systems can be." This is just one more case to think about the next time someone touts the EMR as the cure for all health care ills.
And it's also a reminder how large health care organizations, even ones with reputations as benign as Kaiser's is, at least out here in the East, react to whistle-blowers who publicly point out their managers' errors.
Hi, I'm the blogger mentioned in the article.
ReplyDeleteThe blog you link to is my blog. There is no old one, and I haven't edited my current one, so you can still find everything there.
I didn't post any patient information on my blog - that has been widely misreported. I did like to a public web site that Kaiser posted (since 1999!). I also linked to a mirror site that I made to preserve the evidence while I was trying to get the Office of Civil Rights to investigate. My only intent was to keep Kaiser from covering it up, and this site went down as soon as it was clear it was going to be investigated.
Please read the above post carefully. The posting does state, as per the San Francisco Chronicle story, that Kaiser left the patient information on an unprotected web-site from 1999 to 2005, This was the core issue, and apparently no one now disputes it. Ms Cooper was terminated by Kaiser in 2003. My posting includes no opinion or conclusions as to why this happened. The San Francisco Chronicle story, from which I obtained the information, is still up on the web. It includes accusations by Kaiser against Ms. Cooper, and accusations by Ms. Cooper against Kaiser.
ReplyDelete