Uncategorized

KP lawsuit doesn’t sniff quite right

It’s about time we had a fun Kaiser Permanente scandal, as it’s been a while, and it appears that they’re having some influence on the side of the angels in DC these days. And tracking vis HISTalk apparently there is one. You can wonder over to this blog to get the full rhetoric but basically it comes down to KP being sued by a former relatively senior techie in the Northern California region who has had a big time falling out with his boss.He has three main accusations.

1. KP kept a registry of dementia patients on an open internal network2. KP employees were dumping personally identified data in the trash3. KP was and is not tracking deductibles and was forcing their members to count up to them—presumably costing their members money for those who were paying cash when they’d already met their deductible.

So let’s parse these apart.

#1 seems to have been true, but it was not illegal. Now it’s very likely that there was a registry of dementia patients available to clinical personnel within KP—at least I’d hope so—and probably some IT specialists who didn’t need it for clinical reasons could get at it too because someone screwed up. But all those people are covered by their employment agreement AND by HIPAA. So it seems to me a big “so what”. But here’s what Kaiser admits to:

The file was on a Kaiser Permanente owned and controlled intranet shared server and was not available to the public.

In response to Mr. Denning’s compliance complaint in 2007, an investigation determined that a valid issue about record control was raised, although there was no evidence of any actual privacy breach, nor any public disclosure of this information. The investigation found that the posting was inadvertent and the document was immediately removed from the drive. Mr. Denning was informed of the outcome of this investigation.

That means someone made a mistake and it was cleaned up, but no patient data was released illegally. You might believe that KP was lying about this except that last year when the Octo-Mum madness happened KP fired a bunch of employees who deliberately accessed the Oct-Mum’s PHI when they didn't need to see it and KP reported it to the state and KP paid a big fine! So it seems to me that KP’s lawyers are extra cautious in these types of situations.

#2 (PHI in the trash) seems unlikely to me too. Now we’re talking April 2008, after the new California privacy law has going into action, and well after KP has started bragging about its online services that it both wants its members to use, and more importantly that it stands to gain financially from if its members do use. By the way they spent $4–6 billion on their new system, and now apparently there’s no money left to pay for a shredding service? I’d need to see really good evidence about this before I believe it. Why would KP be so stupid?

Perhaps I’m just fired up because the blog in question went to Deb Peel for a quote, and you all know what I think about her. And of course, FD, KP has sponsored the Health 2.0 Conference which I run, so you can all accuse me of being bought and paid for. But that doesn’t mean I’m not prepared to rake them over the coals in public and private for their screw-ups (Kidney Transplant, N. Cal exhibit one, Recission stories, exhibit two).

Now #3 (miscalculating deductibles) is a little more interesting and it’s the one that gets the least attention in the article. But I believe this is possible. I have never been a KP member but I have had health insurance which did get my deductible wrong. In fact I bet ever health insurer has had that problem at one time or another. Historically KP has not sold plans with deductibles—that was a move forced on it by its competitors in the early 2000s. So it’s likely that in 2003 KP’s systems were not able to count deductibles accurately at that stage. If that was still the case in 2008 then that certainly needs attention, and it doesn’t get commented on by the KP response email quoted in the piece.

Finally I will say that KP, which has been accused for years somewhat correctly of being opaque in its inner dealings, now has a chance to be much more transparent. I happen to know many KP folk who are venturing down the transparency/Web2.0 path, so I’ll look forward to seeing how this (probably minor) little bun fight shakes out and how they react.

Livongo’s Post Ad Banner 728*90

Categories: Uncategorized

Tagged as: , ,

10
Leave a Reply

10 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
6 Comment authors
Sandra SebbasResiakMatthew HoltJohn NelsonResiak Recent comment authors
newest oldest most voted
Sandra Sebbas
Guest
Sandra Sebbas

It’s June 2012 and Colorado Kaiser is still not counting deductibles, and asking customers to keep paying. Things haven’t changed.

Resiak
Guest
Resiak

It is not on whether you’ll hear from usor not, it is more like whether you are even interested in the truth. Rather than being an apologist to the insurance company, why don’t you use your talents for better use and make some investigations of your own. We are not into this for 15 minutes of fame, but rather to expose a company that represents all that is wrong with this broken, corrupt HMO model that only serves to line up the pockets of corrupt executives being legitimized by people like you…we are sure that you have the best intentions… Read more »

Matthew Holt
Guest

Resiak, it would be nice to know what my assumptions are and what you think reality is. I’m just making logical conclusions from the outside. You are saying nothing, other than insinuating that I’m corrupt.
So be a brave kid and reveal who you are to me (by email privately) and I’ll happily state your side of the story if it checks out. At the least you could actually answer my questions.
Why do I get the feeling I’ll never hear from you.

Resiak
Guest
Resiak

You are so full of assumptions Matthew that it borders on the sad. First of all, why are you assuming that we are “techies” because we are not. Another thing, we remain anonymous for now.
KP PR is not needed, they have Mathew Holt for that and you are doing quite a fine job…I guess Health 2.0 must be expensive and needs deep pockets and KP has that in plenty…soldier on good soldier you’re doing a fine job. Just keep watching what is unfolding, maybe you’ll learn a thing or two in the process!

Resiak
Guest
Resiak

Mat,
Like we said, let the lawsuit take its course…it will become much clearer then.

Matthew Holt
Guest

I’m clearly not able to comment on the specifics of KP’s internal security systems. But I do know two things. One all organizations make mistakes, and how they deal with these mistakes is important. Replying here on this comment thread shows that KP says it has those deductible calculations in place since 2004. Maybe they’re lying, but why would they do that on a public forum with a lawsuit pending? Secondly, both the dementia registry incident and the employee ID theft were investigated by KP. They admitted their problem with the registry and fixed it, and in February discussed the… Read more »

John Nelson
Guest

Matthew, At Kaiser Permanente we began offering deductible HMO plans in 2004. It’s worth noting that we’re especially proud of the fact that all our deductible plans provide preventive care visits and services without requiring members to meet their deductible. Ever since we began offering deductible products, we’ve had systems in place to track and help our members calculate their remaining deductible costs. As soon as members start accumulating toward their deductible, they start receiving a summary that lists service descriptions, accumulated charges towards deductible, and out-of-pocket expenses. After that, they receive an update in each month that their accumulations… Read more »

Resiak
Guest
Resiak

It is so easy that outsiders like yourselves seem to “know” what really goes on at Kaiser and can so eloquently speak about it! The KP apologists are many and as you say Mat, “bought and paid for” and that is precisely what Kaiser counts on! Muddle the waters, obfuscate, negate, distort and so many other neat tricks they have at their disposal. It such a true and tried practice that it is beautiful! It is a fail-safe model that has become both an art and a science for the Kaiser PR machine. On your post you characterize John Denning… Read more »

Dissent
Guest

Re #3, you write: “If that was still the case in 2008 then that certainly needs attention, and it doesn’t get commented on by the KP response email quoted in the piece.” Just to clarify and in fairness to KP: I did not ask KP to comment on that specific allegation. I had asked them to respond to the two allegations concerning privacy issues as PogoWasRight.org and PHIprivacy.net are oriented to the privacy issues. Re #1: Not surprisingly, perhaps, I disagree with you and think that it is *is* a concern. Allowing unnecessary personnel to have access to an intra… Read more »

Nate
Guest
Nate

Additional discussion of item 1 would be nice. It is a great example of unintended consequences of legislation and how Congress drives everyone to the mega insurers. If we even suspect PHI including SSNs were accessible to people who do not have legal rights to the data we are required to send notice to every one potentially effected and pay for 12 months of credit guard. For small carriers and TPAs such a breach would put us out of business. Even in a case like this where there is zero reason to suspect anyone was harmed or the data was… Read more »