Kaiser's stolen device contains data on 15,500 California patients

Twitter icon
Facebook icon
LinkedIn icon
e-mail icon
Google icon

Last month an external electronic data storage device containing patient health information for approximately 15,500 Northern California members of health insurance company Kaiser Permanente was stolen from an employee’s car at the employee’s home in Sacramento, Calif.

The device was stolen on Dec. 1, but the unidentified employee didn’t notify the payor of the theft until Dec. 8, according to the Oakland, Calif.-based Kaiser.

“We immediately conducted a comprehensive investigation of the incident and have notified state and federal regulatory agencies. The theft also was reported to the Sacramento Police Department,” said Kristin Chambers, vice president in charge of compliance and privacy for Kaiser’s Northern California division.

Kaiser has determined that no patient Social Security numbers or financial information were included in the device’s data. Currently, there is no evidence that the information has been used inappropriately.

The information on the device included the patient’s full name and Kaiser medical record number, and depending on the individual, may have included other information such as date of birth or age, gender, phone number and date and other general information related to care and treatment, according to the company.

The employee was authorized to access the information involved as part of the employee's position, but Kaiser said that the employee’s use of the device was unauthorized and violated its policies regarding data storage and that the employee was terminated.

“Based on our investigation, we believe that the employee was not using the information in an inappropriate or unlawful manner,” stated Chambers.

Currently, Kaiser is not recommending that patients take any further action related to the specific incident because there is no evidence to suggest that the device was stolen for the information on it, or that the information could be easily used for fraud or other criminal activity.

“Despite the relatively low risk to individuals posed by the theft of this device, we have notified and apologized in writing to approximately 15,500 patients in the Northern California region who were affected,” said Chambers.