2007
DOI: 10.1197/jamia.m2195

Breaching the Security of the Kaiser Permanente Internet Patient Portal: the Organizational Foundations of Information Security

Abstract: This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels acco…

Cited by 43 publications (18 citation statements)
References 12 publications
“…[14][15][16] In addition, numerous technical approaches have been developed to enhance privacy and security across medical records; examples include integrating disparate approaches to privacy, improving access audits, performing in-depth analyses of privacy breaches, and improving models for access controls. [17][18][19][20][21][22][23] At Vanderbilt Medical Center (VMC), an EHR system was developed for outpatient psychiatric records and deployed in 2003. Reasons given for the switch from paper charts included patient safety, with improved access to records in emergencies, lower costs of maintaining records, improved legibility and general convenience, and lower costs of providing responses to increasingly frequent and detailed requirements for copies of records for third-party payers.…”
Section: Data Security and Access
mentioning
confidence: 99%
“…Similar security breaches have occurred in other online health-related sites, such as a major breach of over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. Two programmers had written poorly designed scripts which resulted in emails breaching the confidentiality and integrity of the members' personal health information. A case study was completed on this breach, and the authors concluded that in order to protect sensitive patient information, safeguards should be built into online systems in addition to complying with good information security practice and regulations suggested in HIPAA [17].…”
Section: Security Problems and Breaches
mentioning
confidence: 99%
“…New health monitoring applications, for iPhones, tablets, and Android devices, are reaching the market at an accelerating pace. Yet the medical profession has been slow in transitioning to digital services and furthermore is hampered by prohibitive costs of security, encryption, and patient privacy protection (Collmann and Cooper 2007).…”
mentioning
confidence: 99%