In Copyright Since September 11, 2000
Help
for Kaiser
Permanente Patients on this public service web site.
Permission is granted to mirror if credit to the source is given and the
material is not offered for sale. The Kaiser Papers is not by Kaiser but is ABOUT Kaiser
Permission is granted to mirror if credit to the source is given and the
material is not offered for sale. The Kaiser Papers is not by Kaiser but is ABOUT Kaiser
ABOUT
US| CONTACT
| WHY THE KAISERPAPERS |
MCRC |
So there is a serious problem for whatever reason and people are basically on their own. The law says one thing but apparently the government often does another thing and it really doesn't matter why. What does matter is what you as patients need to understand about all of this. There is nothing wrong with patients being upset about this but there is also no real need to carry on about something that no one is going to fix any time soon.
The following is a list of information materials and news articles that have already publicly dealt with this ongoing problem. There is also information available here on who you can contact regarding your issues with this topic.
None of this is going to fix the problem. It will help you understand the problem and possibly understand the numerous excuses that have been concocted to explain why there is a problem.
The following section pertains to a document we received from a Kaiser employee a few years ago. It is titled Kaiser Permanente HIPPA Privacy Training, Manual Part II and is located online at:
https://kaiserpapers.com/businesspractices/hipey/index.html
You can see that at least the author gave it a good try.
HIPAA was enacted in 1996. The privacy portion of the HIPAA Act was created on November 3, 1999 so logically they have had more than enough time to fix what problems with patient privacy education of their staff or problems with their computers systems. See: https://www.hipaajournal.com/when-was-hipaa-enacted/
So now you know the how and why HIPAA exists and that is important to know.
In the year 2000, when the Kaiser Papers was first created there was a Tripod website online with information that turned out to use acutal patient confidential information. It had stayed there for about a decade and no one cared. We were advised by a former Kaiser IT employee that other Kaiser IT employees had set it up to train friends and relatives in India in using the Kaiser system so they could get a job there. They just didn't think it through and used real patient information. We did mention it to HHS Office of Civil Rights. One of our Board Members had captured the website prior to the creation of the Kaiser Papers. So it was saved and stored by several different people at different times before the year 2000. Then along came a former Kaiser employee, Elisa Cooper who also had concerns about that website who brought it to our attention. She was encouraged to file a complaint with HHS and she did. As briefly as possible, Kaiser was asked by HHS to remove the site. At one point she also set up a mirror site to bring attention to what Kaiser was allowing to be done with patient private information. She was punished for that public service action.
The next thing you know Elisa Cooper was all over the news being accused by Kaiser of having originally putting that website online herself. So the author of this page contacted the reporter and spoke with her about this matter. I, Vickie Travis was told that Kaiser provides to the paper a grant and that reporter also received funding from Kaiser. The paper knew, she stated that when a Kaiser doctor went to their office with this story that it was false but that they had no choice but to report it.
That above statement combined with our personal experience with Elisa Cooper indicates to us that she was telling the truth. We also have no reason to believe otherwise. However, Kaiser and DMHC destroyed her or at least gave it a good try with legal actions. I personally sent a copy on CD of the working website to the Director of DMHC at that time. The Director's office claimed that she was unable to see it. I personally contacted the FBI in Northern California and provided three different copies of the website to them at different times. I had the CD's checked by others to make sure they worked before doing so. The FBI claimed they could not see it. So I openly provided to them my hard drive. They still couldn't see it and they patted me on the head and treated me as if I was wasting everyone's time.
See: https://kaiserpapers.com/privacy/elisa-cooper.html
See: Real Risks in Kaiser contracts: https://kaiserpapers.com/privacy/david-lazarus.html
Now you tell us what you think really was going on. How serious is this HIPAA stuff, unless you are a celebrity of some sort? No one cares except for news reporters looking for a story to write.
Charles Ornstein wrote for the online newspaper ProPublica on 31 Dec 2015an article about this very same concern of patient privacy. It is online at: https://www.propublica.org/article/california-patient-privacy-law-inconsistent-enforcement
What was learned is that specific to California, patient privacy laws are inconsistently enforced.
"Los Angeles County's public health department said in a statement that it follows the state's policy for how to handle privacy incidents at hospitals. Under the policy -- at least as Los Angeles County views it -- citations are only issued if inspectors decide hospitals had a breach that's 'intentional, malicious or widespread" or if they don't have adequate processes in place to prevent repeat breaches.
The county said it was not aware that its handling of privacy breaches varied from the state health department's other offices, or that the state was concerned by this."
So there you have it. It is just like when you give your kids a hundred chances and they promise never to do it again but you know that really they are just leading you on. They will and they do and they get away with it.
So now you know at least on the surface why this security problem is condoned.
Possibly, maybe even probably these security problems have more to do with overstating their product capabilities rather than any true employee lax behavior. They do have a reputation with some people of consistently promising more than they are capable of providing, just like a lot of other government contractors do.
Now either our legislators need to find the funding to hire enough people to enforce the law really fast or there is something else going on that we are not privy to. Whatever is the cause, it certainly is not a well oiled system and probably never will be.
Check out the HIPAA violation story about Tyler Lusk from 2018 here: https://kaiserpapers.com/horror/tyler-lusk.html
Check out Robert Kiraly's website about Kaiser HIPAA violation problems at: https://kaiserhipaa.com/
File a complaint with HIPAA:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html
Patient
Privacy Issues at Kaiser Permanente
Over
the past several years the Kaiser Papers has received numerous letters
regarding HIPAA violations, privacy concerns in general and people do
express dismay that they are being ignored by regulatory agencies.
In fact a few people have stated that Kaiser employees have
stated to them that they are pretty confident that no government agency
at any level will do a darn thing to stop them or punish them for
private patient information breaches. That has not been
confirmed
by Kaiser Papers but Kaiser Papers has also received copies of patient
addressed letters from HHS Office of Civil Rights confirming that they
in general find no wrong doing.So there is a serious problem for whatever reason and people are basically on their own. The law says one thing but apparently the government often does another thing and it really doesn't matter why. What does matter is what you as patients need to understand about all of this. There is nothing wrong with patients being upset about this but there is also no real need to carry on about something that no one is going to fix any time soon.
The following is a list of information materials and news articles that have already publicly dealt with this ongoing problem. There is also information available here on who you can contact regarding your issues with this topic.
None of this is going to fix the problem. It will help you understand the problem and possibly understand the numerous excuses that have been concocted to explain why there is a problem.
The following section pertains to a document we received from a Kaiser employee a few years ago. It is titled Kaiser Permanente HIPPA Privacy Training, Manual Part II and is located online at:
https://kaiserpapers.com/businesspractices/hipey/index.html
You can see that at least the author gave it a good try.
HIPAA was enacted in 1996. The privacy portion of the HIPAA Act was created on November 3, 1999 so logically they have had more than enough time to fix what problems with patient privacy education of their staff or problems with their computers systems. See: https://www.hipaajournal.com/when-was-hipaa-enacted/
So now you know the how and why HIPAA exists and that is important to know.
In the year 2000, when the Kaiser Papers was first created there was a Tripod website online with information that turned out to use acutal patient confidential information. It had stayed there for about a decade and no one cared. We were advised by a former Kaiser IT employee that other Kaiser IT employees had set it up to train friends and relatives in India in using the Kaiser system so they could get a job there. They just didn't think it through and used real patient information. We did mention it to HHS Office of Civil Rights. One of our Board Members had captured the website prior to the creation of the Kaiser Papers. So it was saved and stored by several different people at different times before the year 2000. Then along came a former Kaiser employee, Elisa Cooper who also had concerns about that website who brought it to our attention. She was encouraged to file a complaint with HHS and she did. As briefly as possible, Kaiser was asked by HHS to remove the site. At one point she also set up a mirror site to bring attention to what Kaiser was allowing to be done with patient private information. She was punished for that public service action.
The next thing you know Elisa Cooper was all over the news being accused by Kaiser of having originally putting that website online herself. So the author of this page contacted the reporter and spoke with her about this matter. I, Vickie Travis was told that Kaiser provides to the paper a grant and that reporter also received funding from Kaiser. The paper knew, she stated that when a Kaiser doctor went to their office with this story that it was false but that they had no choice but to report it.
That above statement combined with our personal experience with Elisa Cooper indicates to us that she was telling the truth. We also have no reason to believe otherwise. However, Kaiser and DMHC destroyed her or at least gave it a good try with legal actions. I personally sent a copy on CD of the working website to the Director of DMHC at that time. The Director's office claimed that she was unable to see it. I personally contacted the FBI in Northern California and provided three different copies of the website to them at different times. I had the CD's checked by others to make sure they worked before doing so. The FBI claimed they could not see it. So I openly provided to them my hard drive. They still couldn't see it and they patted me on the head and treated me as if I was wasting everyone's time.
See: https://kaiserpapers.com/privacy/elisa-cooper.html
See: Real Risks in Kaiser contracts: https://kaiserpapers.com/privacy/david-lazarus.html
Now you tell us what you think really was going on. How serious is this HIPAA stuff, unless you are a celebrity of some sort? No one cares except for news reporters looking for a story to write.
Charles Ornstein wrote for the online newspaper ProPublica on 31 Dec 2015an article about this very same concern of patient privacy. It is online at: https://www.propublica.org/article/california-patient-privacy-law-inconsistent-enforcement
What was learned is that specific to California, patient privacy laws are inconsistently enforced.
"Los Angeles County's public health department said in a statement that it follows the state's policy for how to handle privacy incidents at hospitals. Under the policy -- at least as Los Angeles County views it -- citations are only issued if inspectors decide hospitals had a breach that's 'intentional, malicious or widespread" or if they don't have adequate processes in place to prevent repeat breaches.
The county said it was not aware that its handling of privacy breaches varied from the state health department's other offices, or that the state was concerned by this."
So there you have it. It is just like when you give your kids a hundred chances and they promise never to do it again but you know that really they are just leading you on. They will and they do and they get away with it.
So now you know at least on the surface why this security problem is condoned.
Possibly, maybe even probably these security problems have more to do with overstating their product capabilities rather than any true employee lax behavior. They do have a reputation with some people of consistently promising more than they are capable of providing, just like a lot of other government contractors do.
Now either our legislators need to find the funding to hire enough people to enforce the law really fast or there is something else going on that we are not privy to. Whatever is the cause, it certainly is not a well oiled system and probably never will be.
Check out the HIPAA violation story about Tyler Lusk from 2018 here: https://kaiserpapers.com/horror/tyler-lusk.html
Check out Robert Kiraly's website about Kaiser HIPAA violation problems at: https://kaiserhipaa.com/
File a complaint with HIPAA:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html