Breaching The Security Of An Internet Patient Portal

Case 14: Breaching The Security Of An Internet Patient Portal

Case Synopsis

Kaiser Permanente is a large health care delivery system that serves over eight million individuals across nine states and the District of Columbia. In 1990 Kaiser Permanente developed an Internet patient portal, KP Online. KP Online enabled members to make appointments, request prescription refills, seek clinical advice, obtain health care information, and interact with patients in forums.

In August 2000, Kaiser Permanente Online experienced a serious breach in security. In the breach, several hundred individual e-mails containing personal patient data were concatenated. As a result, 19 members received private data about other members. Kaiser Permanente was made aware of the breach when two members notified the organization that they had received the concatenated e-mail messages. Identifying the significant breach of confidentiality, Kaiser Permanente immediately offered apologies to the affected members and launched a crisis task force to conduct a root-cause analysis. Within three days of the breach, Kaiser Permanente informed its members and issued a press release.

A root-cause analysis of the security breach revealed multifactorial issues at the technical, individual, group, and organizational levels. At the technical level, the applications and web tools were initially tested and evaluated in an ideal environment that was not equivalent to the clinical practice