Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
California: AG announces $49M settlement with Kaiser for illegal disposal of protected health information
The California Attorney General (AG), Rob Bonta, announced, on September 8, 2023, that in partnership with six other AGs, it had reached a $49 million settlement with Faiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals, resolving allegations that the healthcare provider unlawfully disposed of, among other things, protected health information at Kaiser facilities statewide which are alleged to violate the Health Insurance Portability and Accountability Act (HIPAA) and the Confidentiality of Medical Information Act (CMIA), among others.
Background to the case
In particular, the AG noted that the allegations resulted from undercover inspections conducted by the district attorneys' offices of dumpsters from 16 different Kaiser facilities.
Findings of the AG
Following its investigation, the AG noted that it reviewed the contents of unsecured dumpsters destined for disposal at publicly accessible landfills, finding over 10,000 paper records containing the information of over 7,700 patients. To this end, Bonta explained that Kaiser failed to prevent unlawful or unauthorized access to, use, or disclosure of, patients' medical information, as required by the Health and Safety Code, and failed to establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information.
Outcomes
Further to the above, the AG highlighted that it had reached a settlement that requires Kaiser to pay $46 million in penalties and retain an independent third-party auditor, approved by the Bonta's Office and the District Attorneys, who will:
- perform no less than 520 trash compactor audits at Kaiser's California facilities to help ensure that regulated wastes (including items containing protected health information) are not unlawfully disposed of;
- conduct at least 40 programmatic field audits each year, for a period of five years after entry of the final judgment, to evaluate Kaiser's compliance with policies and procedures designed to ensure compliance with applicable laws related to, among other things, protected health information; and
- designate existing or new qualified personnel to serve as its California Regional Privacy and Security Officers with responsibilities for all covered entities.
You can read the press release here, the complaint here, and the settlement here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
