Kaiser Foundation Hospital Orange County – Anaheim Medical Center is notifying patients of a breach that occurred on September 25.
In a letter signed by Julie Miller-Phipps, Senior Vice President, Executive Director of Kaiser Foundation Hospital Orange County, patients were informed that Kaiser Permanente was notified on on September 25 that a flash drive containing patients’ names, medical record numbers, and dates of birth was missing.
Patients were not informed whether the drive went missing from their facilities or from somewhere off-premises. Nor were they informed whether the protected health information (which I assume, for now, was unencrypted) should have been on a flash drive at all or whether that was a breach of some policy. Nor did they indicate whether anyone was being disciplined as a result of this breach. And nor did Kaiser indicate what steps they were taking to prevent a similar incident in the future.
The only other information patients were offered is that no Social Security numbers were involved, Kaiser doesn’t believe the information has been misused, and that patients have the right to file a complaint with Kaiser and with HHS.
You can read their somewhat terse and uninformative notification letter on California Attorney General’s web site (pdf).