Learning points from paper
- Analyzed a breach of the confidentiality and integrity of over 800 patients' records on KP Online, the patient portal of Kaiser Permanente
- Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within, as well as technical and social relations across, the Kaiser IT program.
- None of these reasons could strictly be classified as "security violations"; the authors conclude that organizational context matters as much as compliance with good security practice and HIPAA.
Other comments
Citation and Abstract
J Am Med Inform Assoc. 2007 Mar–Apr; 14(2): 239–243
Breaching the Security of the Kaiser Permanente Internet Patient Portal: the Organizational Foundations of Information Security
Jeff Collmann, PhD (a) and Ted Cooper, MD (b)
a Georgetown University Medical Center, Washington, DC
b Stanford University Medical Center, Palo Alto, CA
This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g., appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident, including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within, as well as technical and social relations across, the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study thus suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
PMCID: PMC2213471
PMID: 17213500 [PubMed - indexed for MEDLINE]
Related Links