Kaiser Error Sends Out Medical Data

HMO giant Kaiser Permanente accidentally breached the confidentiality of 858 members who were using the Oakland-based health insurer’s online service to make appointments and discuss sensitive health matters with doctors.

Kaiser mistakenly sent responses to some customers’ e-mail to the wrong members, the nation’s second largest health insurance plan acknowledged Wednesday. Nineteen Kaiser members received e-mail intended for some or all of the 858 members.

“Some of the information was very sensitive,” said Anna-Lisa Silvestre, director of Kaiser Permanente Online.

The problem occurred Aug. 2 when Kaiser was upgrading software to its online system to handle increased traffic.

A technician caught the error 20 minutes after realizing the problem. But the next day a Kaiser member called the plan, saying the insurer had e-mailed her a large computer file with messages intended for several hundred other members. That’s when Kaiser realized the extent of its error.

About 250,000 of Kaiser’s 8 million members use the online service to interact with its staff, doctors, nurses and pharmacists. The service also lets members exchange messages with other members and find information on various health topics.

The online system is billed as a more efficient way for members to communicate with the plan and its affiliated doctors.

Kaiser is one of several big health insurers increasingly trying to meet customers’ growing demand to conduct business online. Insurers have also tried to prod members to use the Web to reduce their own expenses.

“Most members thanked us for letting them know,” Silvestre said. “A handful are angry that some of their medical information was sent to others.”

Kaiser officials have tried to reach all 858 members to tell them about the mistake.

“This is a good wake-up call for the entire industry,” Silvestre said. She noted that health companies have to be careful in quickly building complex online systems.

Sarah Andrews, a policy analyst with the Electronic Privacy Information Center in Washington, said Kaiser’s experience shows why companies need to be extremely careful when conducting business online.

“That doesn’t mean these online systems should not be in place--they do provide a great convenience--but they should treat them responsibly and should have adequate security.”