CA fines Kaiser $450,000 in breach of affected person confidentiality

Kaiser Permanente agreed to pay a $450,000 fine after it used potentially outdated addresses in mailings that included confidential patient information on 167,095 enrollees.

Kaiser Permanente agreed to pay a $450,000 wonderful after it used probably outdated addresses in mailings that included confidential affected person data on 167,095 enrollees.

The Sacramento Bee

The California Department of Managed Care announced Thursday that Kaiser Permanente agreed to pay a $450,000 fine because it used potentially outdated addresses when it sent out mailings containing confidential information to thousands of patients.

The agency said the Oakland-based health care giant issued 337,755 mailings that had health information on 167,095 enrollees between October 2019 and December 2019. Kaiser said it could not be sure the intended recipients received the packets because there was an error in updating its electronic medical record during the period.

“Health plans must protect the confidentiality of enrollee records and maintain and dispose of medical information correctly,” said DMHC Director Mary Watanabe. “Kaiser Permanente agreed to take corrective actions to protect consumers confidential information and ensure this doesn’t happen again.”

None of these mailings contained social security numbers or financial information, Kaiser officials told The Sacramento Bee in a statement issued Thursday.

“Kaiser Permanente takes the protection of our members’ personal and health information seriously and continuously works to safeguard data,” company officials said in the statement. “Upon learning of the error, we immediately corrected our systems and future mailings. At this point, all necessary corrective action has been completed.”

DMHC officials said that 1,788 of the mailings were returned to Kaiser unopened but that eight recipients contacted the plan and reported opening the mailings before seeing that they were not intended for them. Due to the plan’s system error, DMHC officials said, thousands of mailings could have been viewed by unauthorized persons.

As part of the corrective action plan, Kaiser had to notify enrollees who were affected and confirm they had accurate addresses for them, update its membership software systems and check periodically to confirm address changes are kept in sync. The company also conducted refresher training for staff on the Health Insurance Portability and Accountability Act standards on protecting sensitive health information.

The data breach violated California’s Confidentiality of Medical Information Act in two ways, DMHC officials said: The company disclosed medical information to people unauthorized to see it, and it showed negligence in how it maintained the information.

If health plan enrollees suspect unauthorized disclosure of their medical information or have other issues, they can file a grievance or appeal with the plan, DMHC officials said. If the offered resolution does not satisfy the customer or if there’s no response after 30 days, they said, consumers can file a complaint with the DMHC Help Desk by calling 888-466-2219 or filling out a form at

Cathie Anderson covers well being look after The Bee. Rising up, her blue-collar dad and mom paid out of pocket for care. She joined The Bee in 2002, with roles together with enterprise columnist and options editor. She beforehand labored at papers together with the Dallas Morning Information, Detroit Information and Austin American-Statesman.

Back to top button