Thousands of Kaiser patient records stored in private home

Secure new technology for storing patient medical records is ubiquitous, but one healthcare group in California turned to an unusual option for storing almost 300,000 confidential records--in turn, likely violating patient privacy and involving itself in a federal investigation, the Los Angeles Times reports.

Starting in 2008, Kaiser Permanente of California gave files to Stephan and Liza Dean for seven months without a contract. The couple--whose small business, Sure File Filing Systems, was given the job of organizing thousands of old patient files from the Moreno Valley Community hospital--stored the information in their Ford Mustang, as well as at a warehouse in Indio, Calif., sharing space with a party business.

The U.S. Department of Health & Human Services began investigating the situation, according to the Times, after a complaint by the Deans about Kaiser's "mishandling of patient data." The Deans said Kaiser didn't take proper precautions with the patient information, citing email subject lines with patient information and a lack of password protection. Information in the emails included patient names, Social Security numbers, birthdays and medical treatment information.

Kaiser, meanwhile, has said that the Deans put patient information at risk by keeping hard drives in their garage with the door open. Their business together terminated in 2010, and Kaiser currently is working to ensure the Deans deleted the patient information from their hard drives, which Stephan Dean said he did last week, according to the Times.

The California Department of Public Health made the determination that Kaiser "failed to safeguard all patients' medical records," according to the newspaper.

Meanwhile, Kaiser spokesman John Nelson told the Times that "in retrospect, we certainly wish we'd never done business with Mr. Dean."

Often, privacy breaches occur when a hospital employee's mobile device is stolen or hacked into. For instance, data for more than 64,000 patients was put at risk after a data breach in which an employee of hospital management vendor Omnicell had an unsecured electronic device stolen from their car.

To learn more:
- read the Los Angeles Times article