Breach, Data Security

Kaiser Permanente employee sends out email containing patient data

An employee of health care provider Kaiser Permanente affected hundreds of patients by inadvertently sending out an email containing personal information related to a pilot Wellness Screening competition.

How many victims? 670, according to reports.

What type of personal information? Names, Kaiser Permanente medical record numbers, phone numbers, email addresses, employer names, department names and appointment dates and times for the health screenings.

What happened? A Kaiser Permanente employee inadvertently attached a document containing the personal information to an email and sent it to a member of the health screening team.

What was the response? Upon discovery of the error, Kaiser Permanente immediately launched an investigation into what happened and worked with the recipient and the recipient's employer to delete the electronic file. The recipient legally attested that the information was not viewed and was deleted. The health care provider is taking steps to ensure a similar incident does not occur.

Details: The email containing the file was sent on May 16 and Kaiser Permanente learned of the error in July.

Quote: “While the recipient was intended and authorized to receive the summary competition information, some of your personal information related to the competition was accidentally included in another location within the same file,” said Cynthia Striegel, vice president of strategic accounts, Kaiser Permanente, in the letter to affected patients. “Please be assured that no information was shared regarding the screening results.”

Source:, “Member Notification Letter Sample (PDF),” Sept. 11, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.