It’s about time we had a fun Kaiser Permanente scandal, as it’s been a while, and it appears that they’re having some influence on the side of the angels in DC these days. And tracking vis HISTalk apparently there is one. You can wonder over to this blog to get the full rhetoric but basically it comes down to KP being sued by a former relatively senior techie in the Northern California region who has had a big time falling out with his boss.He has three main accusations.
1. KP kept a registry of dementia patients on an open internal network2. KP employees were dumping personally identified data in the trash3. KP was and is not tracking deductibles and was forcing their members to count up to them—presumably costing their members money for those who were paying cash when they’d already met their deductible.
So let’s parse these apart.
#1 seems to have been true, but it was not illegal. Now it’s very likely that there was a registry of dementia patients available to clinical personnel within KP—at least I’d hope so—and probably some IT specialists who didn’t need it for clinical reasons could get at it too because someone screwed up. But all those people are covered by their employment agreement AND by HIPAA. So it seems to me a big “so what”. But here’s what Kaiser admits to:
The file was on a Kaiser Permanente owned and controlled intranet shared server and was not available to the public.
In response to Mr. Denning’s compliance complaint in 2007, an investigation determined that a valid issue about record control was raised, although there was no evidence of any actual privacy breach, nor any public disclosure of this information. The investigation found that the posting was inadvertent and the document was immediately removed from the drive. Mr. Denning was informed of the outcome of this investigation.
That means someone made a mistake and it was cleaned up, but no patient data was released illegally. You might believe that KP was lying about this except that last year when the Octo-Mum madness happened KP fired a bunch of employees who deliberately accessed the Oct-Mum’s PHI when they didn't need to see it and KP reported it to the state and KP paid a big fine! So it seems to me that KP’s lawyers are extra cautious in these types of situations.
#2 (PHI in the trash) seems unlikely to me too. Now we’re talking April 2008, after the new California privacy law has going into action, and well after KP has started bragging about its online services that it both wants its members to use, and more importantly that it stands to gain financially from if its members do use. By the way they spent $4–6 billion on their new system, and now apparently there’s no money left to pay for a shredding service? I’d need to see really good evidence about this before I believe it. Why would KP be so stupid?
Perhaps I’m just fired up because the blog in question went to Deb Peel for a quote, and you all know what I think about her. And of course, FD, KP has sponsored the Health 2.0 Conference which I run, so you can all accuse me of being bought and paid for. But that doesn’t mean I’m not prepared to rake them over the coals in public and private for their screw-ups (Kidney Transplant, N. Cal exhibit one, Recission stories, exhibit two).
Now #3 (miscalculating deductibles) is a little more interesting and it’s the one that gets the least attention in the article. But I believe this is possible. I have never been a KP member but I have had health insurance which did get my deductible wrong. In fact I bet ever health insurer has had that problem at one time or another. Historically KP has not sold plans with deductibles—that was a move forced on it by its competitors in the early 2000s. So it’s likely that in 2003 KP’s systems were not able to count deductibles accurately at that stage. If that was still the case in 2008 then that certainly needs attention, and it doesn’t get commented on by the KP response email quoted in the piece.
Finally I will say that KP, which has been accused for years somewhat correctly of being opaque in its inner dealings, now has a chance to be much more transparent. I happen to know many KP folk who are venturing down the transparency/Web2.0 path, so I’ll look forward to seeing how this (probably minor) little bun fight shakes out and how they react.