| October 14th, 2005 |
I haven't had much to say lately, but I wanted to post to make sure people know I'm still maintaining this blog and responding to comments.
One thing I've wanted to remark on is Kaiser's general record on patient privacy. Kaiser has a history of minimizing and covering up breaches, and this is a significant danger to the public. If the public can't follow and connect all the incidents, there will be no public pressure to motivate Kaiser to improve their stewardship over information. Right now Kaiser just claims they protect patient privacy, and they shift the blame for any evidence to the contrary on mysterious outside forces. Once Kaiser publishes, discloses, or otherwise spills patient information, the damage has been done. If people want to protect their privacy, they need to demand that Kaiser protect their information in the first place, before it gets out. People need to demand an account of how Kaiser is addressing the gross negligence and incompetence that leads to careless treatment of the information that Kaiser was entrusted with.
Here are some of the incidents I've mentioned before in my blog. I'm sure with a little work, I could find more.
Over the last few years, Kaiser has had a string of technical "accidents" that leaked or published patient information. In 2000 Kaiser sent 858 emails to the wrong people. In 2003, Kaiser messed up the prescription label for 4700 patients.
Kaiser has broadcast patient information by email and mailing labels. People have been able to read other people's medical history online (this same note also mentions that Kaiser is being sued for passing medical records through lawyers - this happened to a friend of mine who is not party to this suit since she lives in another state).
One woman found social security numbers of Kaiser members in a box of recycled carbon paper from the Office Depot.
There have also been several incidents where employees were able to just walk out with patient information that was used for credit card fraud. From a quick scan, here's credit scam in Victorville, CA, credit card theft in Sacramento, CA, and mention of an earlier case here (I think this is the same as the 2002 phlebotomist case - I need to look into this).
Other people, besides myself, have pointed out Kaiser's security carelessness, which is a direct result of putting manager's with a poor understanding of technology in charge of technical issues. For instance, Kaiser sent out unsecured email. People also pointed out flaws that could expose Medical Record Numbers on KPOnline here. KPOnline was hacked in 2000.
And let's not forget that Kaiser dropped its Intranet firewall in the Colorado region last year, and all sorts of stuff spilled out onto Google.
Kaiser actually seems to be more interested in keeping information from rightful owners than preventing spillage. It's a universal complaint that Kaiser is slow to turn over medical records and is not above withholding or manipulating them in the case of a complaint. It took me months to get my email records from Kaiser, and I didn't get them until I complained to the DMHC. I'm not sure the set I ultimately got is complete, but a year later, I wasn't confident enough in my memory to press that complaint.
On occasion, Kaiser's leakiness has been a good thing. For instance, it's in the public's interest to know that Kaiser tracks doctors willing to kill you.
People may assume that government agencies will some how find out about it and do something. My own case shows that they do nothing even when informed. There needs to be a public outcry before anything was done.
Something I'd like to make clear about myself is that I'm a strong supporter of privacy. My social security number and other information was stolen in the U.C. Berkeley incident. My mother was the victim of identity theft, and she has to do the work to prove her identity every time some collections agency pursues the charges run up by the person who stole her credit cards. A couple years ago, a burglar broke into my house and took everything I owned, including my underwear drawer and my dissertation. This blog was started when a Kaiser employee (Douglas Lynch) violated my privacy. I was further horrified when Kaiser's attorneys exploited my concern about the privacy of my friends as a form of hardball. One constant in my life, is that I've never been able to repair the damage done in these sorts of incidents. Especially when a big institution or corporation is involved: they won't repair anything, and they know most people don't have the resources to fight for restitution. While all of America will pitch in to help people who are victims of big disasters, there is nothing to help people through individual disasters. Therefore, in my view, it's important for society to do everything possible to protect privacy in the first place.
A good place to start is to make the institutions responsible for protecting your privacy *responsible*. If a corporation like Kaiser is failing to protect your information, then there should be no endless bureaucratic red tape, cover ups, or attempts to create an outside scapegoat. Kaiser should not be able to brush it off with some drop-in-the-bucket fine. Kaiser needs to be accountable and address the negligence, gross incompetence, and the cronyism and corruption behind it all. Otherwise this sort of thing will happen again and again and again. It's time for Kaiser to engage in some Evidence-based Leadership.
|
|
|
|
| Top of Page |
Powered by LiveJournal.com |
![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small}
corphq's journal