Kaiser Permanente breaches member privacy — again & again

July 28, 2006

Two new member privacy breaches have been reported in the last week. Is anyone else finding Kaiser’s typical canned response that it takes “protecting the privacy and security of our members’ personal medical information seriously” a little difficult to believe, much like its empty advertising claims?

From Wired News:

Kaiser Joins Lost Laptop Crowd — Kaiser Permanente mailed letters this week to 160,000 of its Northern California-based HMO subscribers, informing them that a laptop containing their personal information, including their phone numbers and Kaiser numbers, had been stolen.

The data was being used to market Hearing Aid Services to 160,000 Health Plan members in Northern California, though the person who tipped Wired News to the story has no history of hearing problems.

No social security numbers were on the laptop, which was stolen sometime in late June from a “secure office” in the Permanente Medical Group Business Development Group, according to a Kaiser spokeswoman and a member representative answering a toll-free number for Kaiser members.

The letter suggested that the risk may be limited, as the laptop required a user name and password, but made no mention of encryption.

The Oakland Police Department is investigating, according to a written statement released Thursday night.

And from CorpHQ:

Kaiser has been posting patient info on the Internet yet again. The patient involved received this letter in March 2006, but the letter itself is undated. My theory is that Kaiser did this deliberately to create confusion if this letter was used in litigation. I haven’t seen a word about this letter from either the press or the DMHC (remember the DMHC making a big deal about how they wanted to handle HIPAA violations even though all of Kaiser’s training materials say to report violations to the Federal Dept. of Health and Human Services…?).

This is a stunning HIPAA violation. Remember Kaiser siccing their full lawyer power (as well as the DMHC) on me just for calling attention to their publicly posted web site? (Note the EFF finally figured out the problem with persecuting the transmitter of publicly posted information in this case). So how on earth did Kaiser manage to quash it?

I challenge investigative journalists to follow up on and validate this letter. While I’ve redacted the patient’s name on the document I posted, I’m sure the patient would be more than willing to cooperate.

One question comes to mind in response: Where are the regulators?

4 thoughts on “Kaiser Permanente breaches member privacy — again & again”

  1. gadfly

    Another one! I bet at this point Kaiser just has a boilerplate letter they use for any privacy breach.

    I wonder what would happen if someone ran a retrieval program for deleted files on the laptops?

  2. Laola

    Privacy breaches happen all the time–HIPAA?! I’m not sure that Kaiser cares what that means. When I get those memos, it’s so funny, on how “protecting the privacy and security of our members’ personal medical information is taken seriously”, many employees just throw them away. Because everyone really knows that if you report any wrongdoing within the company, Kaiser will work to cover it up and then make the source of the report look as though it is without credibility. Kaiser is not really interested in protecting its members or employees, especially for that matter, from this illegal act of privacy violating, they’re just too involved in hiding or losing the proof, in their efforts to avoid lawsuits when they see one that is rightly coming.

    Our region is just hanging on by its nails. Staffing is outrageously short, because the honest employees are pushed out or abused too long to take it. According to The Compliance Department in our region not even all of our computer programs are trackable to the user’s ID/password, making it conveniently easy to say that there is no evidence of wrongdoing when patient info is looked up, on a “want to” know basis. I learned this all the hard way, before I really understood the substance of the so-called non-profit organization I work for, I’m sorry but someone is profiting from this corporation and it’s not the patients or its very own “valued employees”.

    When employees follow the standard procedures for reporting these incidents, even when the evidence WAS there, somehow it disappears? But I will stop rambling on, because there’s so much more to the problem of Kaiser’s empty advertising claims.

  3. anonymous

    I need to help. I need to discuss a HIPAA violation that I am involved with.

  4. Delores Klisiak

    I became a member of Kaiser in January 2012. My first appointment was on January 19, 2012, 2:14 pm to 2:55 pm. I never got to see the doctor that day; Kaiser had canceled the appointment to cover up HIPAA violations. I got another member’s medical receipt, which was a Reprint. When I asked for my receipt I got a Reprint, never got the Original; Kaiser doesn’t know “WTF” has it. I also argued with the receptionist about my co-pay: my co-pay is $40.00, I had to pay $45.00 for someone else & on the Kaiser member’s receipt their co-pay was $20.00.

    They also had me scheduled for three doctor appointments that day with three different doctors in three different places. When I went into my emails, January & February 2012, the months I had filed the HIPAA violations online in my Kaiser Membership account, those months are missing, gone “Phoof” just like that.

    The OCR closed this case & cannot open it, violates their own laws & rules & what they put in a letter to me. The OCR has the nerve to call me & tell me they are going to investigate this again. WTF, are they going to break their own rules & laws?

    I told them they can go on the internet to various sites to get the documents, they’re splattered everywhere. Seems they don’t have what I sent them in 2012, oh well, too bad!
