Kaiser Permanente has begun notifying some of its members of a privacy breach.
In a letter dated September 10, they write that an electronic file relating to a pilot Wellness Screening competition at the East End Complex was accidentally e-mailed by a Kaiser Permanente employee to a member of the pilot planning team on May 16, 2013. Although the recipient was intended and authorized to receive summary competition information, some other personal information related to the competition was accidentally included in another location within the same file. From their description, it sounds like a spread sheet was attached to the e-mail with personal information in hidden fields. The information included first and last name, Kaiser Permanente medical record number, phone number, email address, employer name, department name, and the appointment date and time for the health screening if the member selected one.
The letter reassured recipients that no information was shared regarding the screening results and that the recipient of the email, who was not employed by the members’ employer(s), signed an attestation that the information was deleted without ever being viewed.
The error was discovered by Kaiser Permanente in late July 2013.
The letter from the Vice-President of California Strategic Accounts concludes:
On behalf of Kaiser Permanente, we offer our sincerest apology that this unfortunate incident occurred. We assure you that safeguarding your information is one of our highest priorities and we are taking the necessary steps to ensure that this type of error does not happen again. If you have any questions with regard to this matter, please call 1-866-549-6323 Monday – Friday, 8 a.m. – 5 p.m.