California's Department of Managed Health Care fined Kaiser Permanente $200,000 for allowing the confidential personal information of 150 of its patients to be published on the Internet. The fine is one of the largest yet assessed to a health care provider for an error involving privacy rules. The incident in question occurred when a disgruntled ex-staff member involved in a dispute with a supervisor decided to draw attention to a poorly secured internal Kaiser web site.
The Bay Area woman, Elisa Cooper, who calls herself "the Diva of Disgruntled," then posted a "mirrored copy" -- or duplicate -- of the Kaiser site on her own blog. Unhappy employees represent a major challenge for health care providers trying to stay on the right side of privacy regulations. The Department of Justice released an opinion earlier this month which concluded that current HIPAA rules do not allow for the prosecution of employees involved in such incidents.
- see this story from the San Jose Mercury News (reg. req.)