Chief Information Officer, Oregon Region
O’Brien was one of the executives to get the call about the data breach, which exposed medical and financial records on more than 365,000 patients, right after the 2006 New Year’s holiday. She says “we didn’t sleep” for the three weeks that it took to figure out what data was stolen and notify patients. O’Brien was promoted to CIO in August 2003, after spending six years as regional director for information services.
Chief Executive Officer, Oregon Region
Danielson was the public face of Providence in the aftermath of the breach. He told The Oregonian he didn’t know employees were taking data home in their cars and “found it hard to believe.” He met with representatives of Attorney General Hardy Myers, who investigated Providence, and vows Providence will be a resource for the state of Oregon and other companies that have lost data.
Former systems analyst, Providence Home and Community Services
Shields says he was fired after thieves stole backup tapes and disks with 18 years’ worth of patient data from his minivan, which he’d parked in his driveway. Providence will not comment on Shields or his employment status.
Oregon Attorney General
Myers’ office investigated Providence for nearly eight months to see if it had broken a far-reaching state law, the Unfair Trade Practices Act, which prevents businesses from misrepresenting their services. Providence settled and agreed to pay $95,764 into a state consumer protection and education fund to fight identity theft.
David Paul and David SugermanAttorneys,
Paul & Sugerman, PC
Paul and Sugerman, along with a second law firm, represent two former patients of Providence whose data was stolen. The patients are suing the health-care provider for negligence in Multnomah County (Ore.) court. Providence denies the charges.
Partner, Davis Wright Tremaine LLP
McGrory, who successfully defended Microsoft in a class action brought by Windows 98 buyers who claimed Microsoft had overcharged them, now represents Providence. He wants the patients’ lawsuit dismissed. He says Providence has gone “far beyond” what it is legally required to do for patients. “In this society, we can’t sue and collect money for every little thing,” he told the judge at a recent hearing.
Holmes is one of the patients whose data was stolen. He set up a Web site, www.providenceidentitytheft.com, as a place for patients to share stories about the experience. He also filed a complaint against Providence with the U.S. Department of Health and Human Services, which enforces compliance with the Health Insurance Portability and Accountability Act.