On Friday March 11, 2005 Barbara Feder Ostrov of the San Jose Mercury News reported that “Kaiser Permanente is notifying 140 patients that a disgruntled former employee posted confidential information about them on her Weblog.”

What Kaiser isn’t telling these patients, or the media, is that the former employee they are accusing of posting this confidential information actually discovered the documents in question in a Google search last summer. The documents had been on the internet since 2002, a full year and a half before she found them. She filed a HIPAA complaint against Kaiser for the privacy violation, and rather than admit its blunder Kaiser attempted to get itself off the hook by laying blame on the complainant (sound familiar anyone?).

How do we know all this? Because the patient information was discovered right around the same time, and by the same person, who found and exposed the Thrive documents!

In September of 2004, after Matthew Holt of the Health Care Blog reported on Kaiser’s security breach, Kaiser contacted the web host and had the web site containing the patient information removed. Matt tells the whole story here.

The question everyone should be asking is this:  If Kaiser is so concerned about patient privacy, why didn’t they contact all these patients several months ago when they had the site taken down? Could it be that Kaiser hoped its gaff would quietly fade away?

If anyone is interested in contacting the “Diva of Disgruntled” it’s easy because she isn’t hiding. Simply click on the Kaiser Blog link in the column to the right and leave a comment.

(Added 3/18: Matthew Holt has been posting regular updates as events unfold. See the Health Plan page of The Health Care Blog)