Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

California: AG announces $49M settlement with Kaiser for illegal disposal of protected health information

The California Attorney General (AG), Rob Bonta, announced, on September 8, 2023, that in partnership with six other AGs, it had reached a $49 million settlement with Faiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals, resolving allegations that the healthcare provider unlawfully disposed of, among other things, protected health information at Kaiser facilities statewide which are alleged to violate the Health Insurance Portability and Accountability Act (HIPAA) and the Confidentiality of Medical Information Act (CMIA), among others.

Background to the case

In particular, the AG noted that the allegations resulted from undercover inspections conducted by the district attorneys' offices of dumpsters from 16 different Kaiser facilities.

Findings of the AG

Following its investigation, the AG noted that it reviewed the contents of unsecured dumpsters destined for disposal at publicly accessible landfills, finding over 10,000 paper records containing the information of over 7,700 patients. To this end, Bonta explained that Kaiser failed to prevent unlawful or unauthorized access to, use, or disclosure of, patients' medical information, as required by the Health and Safety Code, and failed to establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information. 

Outcomes

Further to the above, the AG highlighted that it had reached a settlement that requires Kaiser to pay $46 million in penalties and retain an independent third-party auditor, approved by the Bonta's Office and the District Attorneys, who will:

  • perform no less than 520 trash compactor audits at Kaiser's California facilities to help ensure that regulated wastes (including items containing protected health information) are not unlawfully disposed of; 
  • conduct at least 40 programmatic field audits each year, for a period of five years after entry of the final judgment, to evaluate Kaiser's compliance with policies and procedures designed to ensure compliance with applicable laws related to, among other things, protected health information; and 
  • designate existing or new qualified personnel to serve as its California Regional Privacy and Security Officers with responsibilities for all covered entities.

You can read the press release here, the complaint here, and the settlement here.