[Dataloss] followup: Kaiser Letter

security curmudgeon jericho at attrition.org
Wed Dec 6 21:42:04 EST 2006 

http://attrition.org/dataloss/2006/11/kais01.html

This is the letter sent out, presumably to ~ 38,000 people. Typos are my 
own.

--

November 13, 2006

Dear [name],

I am writing to inform you that a laptop computer was stolen from the 
trunk of an employee's automabile on October 4, 2006 that contained 
information about you. The employee reported the theft to the police and 
Kaiser Permanente is cooperating with their investigation.

While we believe the risk is limited, there is a possibility that the 
information on the stolen device could be accessed. Therefore we wanted 
you to know what information was on it. The laptop device contained your 
name, medical record number, age, date of birth, sex, indicators related 
to industry standard health plan performance measures, information about 
your deductibles and co-pays, and your primary care provider's name. 
[bold]Your Social Security number was _not_ included in your 
information.[/bold]

Kaiser Permanente respects your right to file a complaint. If you have any 
questions, concerns or wish to file a complaint, please contact us at 
(1-866-529-0813) (TTY (303)338-3820). You also have the right to contact 
the Department of Health and Human Services through the Office for Civil 
Rights at 1-800-368-1019.

On behalf of Kaiser Permanente, I offer our sincerest apology that this 
unfortunate incident occurred. I assure you that safeguarding your medical 
information is one of our highest priorities. Thank you for your 
understanding in this matter. Again, if you have any questions regarding 
this incidents, please call us at (1-866-529-0813) (TTY (303)338-3820).

Very truly yours,

[signature]

Barbara Collura
Privacy and Security Officer - Colorado Region

Enclosers

---


One item was enclosed, a multiple page handout dated April 2006 offering 
information and notification of privacy practice.

I called the number above at 6:55pm MST and the recording said to leave my 
name and number and a member's services representative trained to answer 
your questions would call me back between 5pm and 7pm.

More information about the Dataloss mailing list