State Fines Kaiser Permanente for Privacy Breach
The Department of Managed Health Care on Monday announced that it had issued a $200,000 fine against a division of Oakland-based Kaiser Permanente for storing personal patient information on a publicly accessible Web site, the Los Angeles Times reports (Vrana, Los Angeles Times, 6/21). DMHC said the fine was the largest it has ever imposed for a privacy violation (Lyons, San Jose Mercury News, 6/21).
Patient information -- including names, phone numbers, addresses and lab test information -- were posted on a Web site that Kaiser officials said was created in 1999 for staff training, the Sacramento Bee reports (Ortiz, Sacramento Bee, 6/21).
DMHC said Kaiser created the site without members' consent (Lee, San Francisco Chronicle, 6/21).
Elisa Cooper, a former Kaiser employee, drew attention to the privacy violations by providing links to the information on her blog (California Healthline, 3/24).
Kaiser spokesperson Rick Malaspina said the HMO would not contest the fine (San Francisco Chronicle, 6/21).