Monday, June 20, 2005

Kaiser Foundation Health Plan Fined $200,000

For those of you following the Elisa D. Cooper (aka Diva of Disgruntled) matter, you will be interested to know the Department of Managed Health Care (DMHC) today issued a press release stating that the DMHC had completed its investigation and was fining Kaiser Foundation Health Plan $200,000 fo the unauthorized disclosure of patient health information.

Interestingly the press release by the DMHC does not mention Ms. Cooper nor the status of its actions directly against Ms. Cooper. For more background information on this action you might want to read the March 17, 2005 press release issued by the DMHC. I am sure that Ms. Cooper is smiling today after hearing the news and I will be interested to see her followup posts on the DMHC's decision. It will also be interesting to see what impact, if any, this has on Kaiser's pending action against Ms. Cooper.

According to an online article in The Murcery News, this is the largest privacy fine ever issued by the DMHC against a health care entity.

The press release states:

"The DMHC investigation determined that Kaiser was responsible for the creation of a Web site used as a testing portal by its information technology staff. The site contained confidential patient information such as names, addresses, phone numbers and lab results. It was set up and available for public viewing in 1999 without the prior consent of those affected, in direct violation of state law and the plan’s own privacy policies.

DMHC officials were concerned that Kaiser allowed the site to languish on the Web in an
accessible format and did not act to remove it until its existence was brought to the attention of federal civil rights authorities in January 2005. In addition, Kaiser authorities chose not to inform state regulators until after the site had been reported to the media in March. However, Kaiser has since informed all of the approximately 150 members who may have been affected.

“Not only was this a grave security breach, Kaiser did not actively work to protect patients until after they had been caught,” said Ehnes. “We’re imposing this fine because we consider this act to be irresponsible and negligent at the expense of members’ privacy and piece of mind.”

UPDATE: For more analysis on the latest from the "gadfly" please check out the post by Matthew Holt's The Health Care Blog.

No comments: