Kaiser Permanente - Corporate Ethics

Public Forum: The Kaiser Crisis and Where is Kaiser Going? Jan. 31st, 2007 @ 10:08 pm
On Saturday, February 3 at 2:00pm there will be a free public forum on The Kaiser Crisis in San Francisco. It will be held at the Community Room on 630 Valencia St./17th St. Here's the description of the event:

Kaiser Permanente, which covers millions of people in California, has been facing one crisis after another from the cover-up of their kidney dialysis unit to the firing of workers who stand up for proper healthcare and health and safety. This forum will have speakers from the trenches at Kaiser who have seen how it operates from the inside and how the system really operates inside and outside. Who is regulating Kaiser and where is Kaiser going?

Join with Kaiser workers, consumers and healthcare advocates:

Dina Padilla, for Kaiser SEIU 250 shop steward and Voices CA Chapter Pres. B.E.S.T.
Dr. Charles Philipps, Former Kaiser Doctor, author and critic of managed care
Sharon Rushford, Fought a legal battle for her husband who was a patient of Kaiser
April Gottman, Ex SEIU 250 Kaiser employee and researcher

And...[drumroll]...ME as a Former Kaiser web worker and activist for Kaiser transparency.

Sponsored by VOICES CA, B.E.S.T.
California Coalition For Workers Memorial Day
Labor Video Project


I believe this is going to be televised on local Bay Area TV - will get back to you all on that.

If you attend or see it on TV, please feel free to post a shout out here!

I apologize for not being able to update for a few weeks. I've had a lot going on. This doesn't mean there's a lull in Kaiser misdeeds: I just have to play catch-up reporting on it. I'm going to post an update asap.

Kaiser Binging on Lost Patient Data? 38,000 People! Nov. 28th, 2006 @ 10:46 am
Oops, Kaiser released the patient data of another 38,000 people out into the wild! This isn't Kaiser's first laptop incident. In July Kaiser informed 160,000 people that their data was on the loose. Who knows how many times this happened before the HIPAA-enforcers started obliging Kaiser to come clean. Interested parties can find my archive of Kaiser privacy incidents here.

KaiserPapers has a new patient horror story that shows why Kaiser only faces a fraction of the arbitrations/lawsuits it should. Note that Kaiser would have charged the poor woman $3000.00 just for a photocopy of her husband's medical records.

LOL! Lab Soft News translates Kaiser's crafted messages.

LOL Redux! It's no coincidence that a Kaiser employee is featured in this career success article... which ends with the wink wink nudge nudge advice to only relay "sensitive" info by phone (where no one can prove anything). If only half of Kaiser's HR execs are giving advice like this, it may be yet another clue about why Kaiser is so screwed up.

Yet Another LOL! Check out this hilarious Stepford-Kaiser job description: Ensure that all communications collateral is edited to increase brand awareness of and interest in Kaiser Permanente... (Here's the source.) Don't get me started on the irony that this tortuous clump of weasel-wordery is for a "communications" job.

Missing the Obvious: The Mercury Times just posted an article about the end of the HMO advantage implied by rising health care premiums that are now outpacing the rest of the country. The article seems baffled about the cause. I guess the reporters have totally missed years of HMOs passing on out-of-control IT costs and massive bureaucratic waste to consumers. Kaiser has specifically mentioned "IT investment" as its justification for raising rates in Hawaii. It seems to me that someone at the Mercury Times, or someone at Kaiser influencing the Mercury Times, just wants to blame "consumer backlash against HMOs" and thus create public pressure to discourage criticism of HMOs.

Wow! Kaiser could really pick up a few tips from Computerworld. Editorialist Frank Hayes has offered an honest, insightful apology to Justen for lumping him in with the Kaisercrats. I have to admit I'm envious - I couldn't even get major newspapers like the SF Chronicle to make *corrections of fact* when I was under Kaiser-siege.

Kaiser Still Using Justen's Name for Their PR! The Kaiser "Sponsored Link" is back on Google:


The Continuing Saga of Kaiser Privacy Breaches Nov. 26th, 2006 @ 11:37 pm
Tonight a Kaiser patient asked the world how to deal with a violation of patient privacy:
I received in the mail the results of my blood tests and in the same envelope were 6 other people's test results...all from Kaiser. Where should I go to bring to someone's attention at Kaiser? Member services, the doctor that it all came from, the receptionist?
I know all their names, addresses, medical numbers and private info. about their tests.....

Isn't it amazing how difficult it is for the average citizen to figure out what to do when they find Kaiser's patient privacy violations? A lawyer from the California Dept. of Managed Health Care once scolded me for not bringing the web site where Kaiser was posting patient info to the DMHC's attention first. I pointed out to them that Kaiser's own policy on the subject (which was very hard to find in the first place) instructed people to report HIPAA violations to the Office of Civil Rights (DHHS - the feds) - which I had promptly done. Nowhere did anything say anything about the DMHC. How was I supposed to know that the DMHC had taken it upon themselves to pursue HIPAA violations? (Though later it turned out that the DMHC had actually taken upon itself martial law powers to patrol the Internet for anything that *might* be dangerous - all hail Absolute Dictator Cindy Ehnes!).

A couple weeks ago I came across another case where screenshots of Kaiser patient info had been posted on the Internet - this time by a former Kaiser employee. Since the phone numbers given for the patients were local, I called one to verify whether this was real patient info. Of course it was, and the woman I talked to was totally freaked out.

(Clarification: Info for a number of Kaiser patients was posted online - I only called one.)

This discovery created quite a dilemma for me. The woman said she would report the breach to Kaiser, but what if she couldn't reach the right person or the information somehow got garbled? I needed to report it somehow myself. However, I didn't want to talk to anyone I'd previously dealt with - the DMHC, the OCR, or Kaiser itself. These people had all screwed up my life: why should I risk letting any of them screw up my life yet again? For God's sake, I've already been publicly denounced and sued by Kaiser's corporate lawyers just for surfing the Internet and mentioning what I found.

Instead I consulted with people I trusted. One friend agreed to put together a packet of evidence and fax it to the DMHC. Another friend agreed to try to contact the person who posted the web site. Despite their efforts, the web site was still online for another week. Goodness knows what the poor woman I had called was thinking the whole time.

My point is that one of the problems with punishing people for finding HIPAA violations is that it greatly discourages them from ever reporting such incidents again. Is it really in the public interest if the person who finds the info has learned the lesson to stay quiet and walk away? Do people really want to risk leaving their medical information out in public for years because people like me are afraid to report it?

I thought not. I hope this latest breach of Kaiser patient information gives everyone pause to think and revisit how the public treats whistleblowers.

Update: Huh. There's now a California Office of HIPAA Implementation. It probably would have been good to report the web site HIPAA violation to these people - except I didn't know they existed. And neither did anyone I talked to.

IMPORTANT Update: Justen Deal - the employee Kaiser placed on administrative leave for merely sharing his concerns with other employees - has posted his response to many questions on his blog.

Beware Kaiser SPYWARE! With Advice for Whistleblowers. Nov. 21st, 2006 @ 10:45 am
An insider just warned me about Kaiser spyware and offered some excellent advice for whistleblowers. I'm reposting their comment here where it will have a better chance of being seen:
...Go STRAIGHT to the CA Att'y General or OIG. Build your case with solid evidence and facts...don't let ANYONE on to your game WITHIN KAISER.

Avoid KP Compliance Hotline like your life depended on avoiding it. If you already called, hold your breath, cross your fingers and wait for the repercussion (or don't hold your breath, depending how you look at it).

Don't trust upper management fools with a title that has the words DIRECTOR, NATIONAL, COMPLIANCE, and/or INVESTIGATOR in it. Don't trust that they have your best interest, your department's best interest, or even that they are interested in doing the right thing. Oh sure they may have great concern at first and may personally WANT to see things change for the better and pursue your complaints/concerns, until THEIR superiors yank their chain and threaten their jobs. Basically upper management is concerned about protecting the party line (i.e. the KP "Party"), saving their own individual necks and their jobs in the process. They're willing to pretend to listen to you, while looking the other way, like a therapist nodding his head at the patient while doodling and drawing stick figures in his pad, pretending to listen and look completely concerned. Kaiser's internal investigative wing is NOT (I repeat, NOT) interested in seeing the right thing done. They're interested in protecting the image of the organization as a whole.

More advice...watch for KPIT spyware...if you notice your station unexpectedly slowing down for extended periods of time, CTRL+ALT+DEL then go to task manager, look under tab "Processes" and scroll down until you see something like RGTMS.EXE or RTGMS.EXE (you get the idea) which is a particularly stubborn & nasty KP spyware, allows them to "shadow" your workstation remotely IN REAL TIME, copying your emails, taking screenshots of your computer activity and monitoring your web page visits, etc. At this point it's just simply too late for you, just hope that you haven't done much NON-KAISER with the KP workstation/computer while connected to Corona. There's nothing you can do, and there's no way to fight it. After all, KP can monitor whomever, whenever, for whatever reason. Your employment requires you to sign something to that effect coming in, so...too bad I guess.

BOTTOM LINE - KP MANAGERS WILL DO ANYTHING TO PRESERVE THE IMAGE AND PRESTIGE OF THE ORGANIZATION IN THE PUBLIC EYE, AND DO ANYTHING TO NOT LOSE MEMBERSHIP. They'll resort to playing both sides, lying, cheating, leading you on...possibilities and permutations are endless.

...OR...you can be like every other chicken-s**t 20-something plus year veteran of Kaiser, stick your fingers in your ears, shake your head side to side while loudly humming a tune, eyes closed, keep your d**ned mouth shut, and say nothing...exactly the model employee that KP wants to see. You don't even have to be anything but marginally competent at your job. You can be a mindless, unimaginative and uncreative Yahoo (with a literary nod to Swift, not Filo & Yang). 1800 Harrison and 1 Kaiser Plaza prove that every f****ng day of the week.

It's your choice, just go into battle knowing the result that you want to see, then charge full steam ahead. Ahoy matey and happy sailing!

For everyone gathering evidence on Kaiser - please heed this advice. If you're wondering how far employers are willing to go in regard to worker surveillance, check out these cases of cellphone GPS spying. Kaiser might also contract with other surveillance companies such as Guidance Software (EnCase Enterprise), NICE (NICE Perform), and AXCESS (RFID tagging for badges). Here's an interesting article on the subject that shows the California Governator supports spying on workers.

IMPORTANT NOTE: I don't know what RGTMS.exe is. It could be a perfectly legit process on every Kaiser workstation. For instance, this could be a note from a sleazy manager who wants everyone who works at Kaiser to go into paranoia mode or from some kid who thinks it would be kewl to scare his coworkers. The point is simply to always proceed with caution at Kaiser. I'm hoping someone else knows about this .exe process and can confirm that it's spyware.

Update on Spyware: After chatting with various folk, it seems like the .exe is probably radstgms.exe. This is part of Hewlett-Packard's Radia OpenView suite, and, like Tivoli (mentioned in the comments), it's used to automatically distribute software to workstations. Therefore everyone in regions that use Radia will have radstgms.exe running in their task manager. Someone also made the eminently reasonable observation that if Kaiser really wants to spy, they will use products that won't show up in the task manager.

Kaiser Spends $250 Million on Tech Consultants, and a Dinky Virus Takes Down Call Center! Sep. 2nd, 2006 @ 10:35 am
Looks like Kaiser got knocked over by a feather again. Keep in mind Kaiser has been seeking to dramatically reduce their $250 million/year investment in technology staff. With that level of investment, it seems like Kaiser could have sent one of these superfluous contractors to install Norton on the call center machines (and perhaps deploy some security guards as well). Then again, since spinmeister Schiffgens is involved, maybe the "virus" isn't the real story at all...

Arch Kaiser Kriminal Henry Mead Kaiser was sentenced to a paltry year in prison. Is anyone ready to talk about the judicial corruption in California yet?

Looks like Kaiser marketing is on a racial profiling kick again. Kaiser's use of racial profiling tactics to create new markets is an ongoing problem.

Also, looks like Kaiser paid big to avert a nurses strike.

Update on the Pellini story: According to people close to the Pellini case...

Kaiser and Kaiser's Attorney and Arbitrator refuse to put in writing the agreement that they made with CBS 5 to extend the statute of limitations and that Teresa Pellini may represent her father if she so chooses. Because Kaiser, their attorney and the arbitrator refuse to confirm their agreement with CBS 5 in writing they are only pretending to make a deal and there really is not one.

They appear to have only made a verbal agreement with the Pellini family and CBS 5 for show and nothing more.


Update 2: Kaiserpapers has posted the picture of Mr. Pellini's Kaiser-inflicted injuries.

Kaiser Leaks Child's Medical Info Over Phone, Helps Molester Aug. 24th, 2006 @ 02:10 pm
Kaiser helped a child molester get his sentence cut in half by giving a child's medical information to the convict's sister over the phone. Kaiser's bid for self-exoneration is that their phone representative "followed procedure", and the blame lies with whoever shared the child's medical record number and "password".

I personally very much doubt a password was involved. If the malefactors had the password, they could have obtained the information they wanted from Kaiser Online, without going through the risk and trouble of persuading a Kaiser employee to help them. As for MRNs - I think it's a bit mean-spirited to imply the only problem is the victim sharing their MRN with random strangers, when hundreds of thousands of Kaiser MRNs have been found on stolen laptops, on Kaiser magazine mailing labels, in the pockets of rogue temps, via Kaiser web site and email glitches, in random boxes at Office Depot, and, of course, posted for years on the Internet as part of the Systems Diagrams. And then there are scams, scams, and more scams. Given that Kaiser has so many leaks around the edges - which include outsourcing transcription to India (by using contracting firms that outsource to India) and exposing their Colorado Intranet for the whole world to see for goodness knows how long - how dare they even suggest that the ease with which a criminal obtained a child's medical records over the phone is a matter of the victim's responsibility in guarding their MRN?

Kaiser simply shouldn't be giving personal medical information out over the phone. There's just no way to verify who they are giving it to. The "unique" MRN has been proven to be an extremely low barrier - because Kaiser itself sprays this sort of data everywhere. It's time to stop allowing Kaiser to shift the blame for this problem (blaming the victim, attempting to frame the whistleblower, etc.) and start facing the reality that even organizations with the immense resources of Kaiser can't be trusted to protect our medical information. Perhaps there should be an independent service that keeps these records in the equivalent of a bank vault: that would not only be safer - it would make it easier for people to switch health care providers at the drop of a hat, too.

Kaiser Pays $2 Million to State - How Much to Victims? Aug. 10th, 2006 @ 10:34 am
Today Kaiser took a break from fending off rapists, denying patient claims, under-treating ER patients, insulting Jewish patients, and pleading poverty to pay the State of California a record $2 million dollar fine. On top of the fine, the Dept. of Managed Health Care is "forcing" Kaiser to pay itself $3 million dollars to create an outreach program. Anyone want to play "count the cronies" on who gets overpaid to direct and staff that program?

Meanwhile the kidney patients are dealing with ongoing delays in obtaining transplants. People DIED in Kaiser's bungle-fest. Don't let a windfall for the State of California distract from the fact that Kaiser needs to be paying damages to the victims.

Update: My good friend Kaiser Thrive did the math...
$2 million is pocket change for Kaiser. If you estimate conservatively, about 60 patients needlessly died. That's a little over $33,000 per patient. Per LIFE. That doesn't even include the thousands who had their quality of life ruined.

Those who need a break from the kidney story may want to play search for the HIPAA violations with the massive dataset of search logs AOL released this week. I'm hoping that this incident will raise awareness of the problems with the HIPAA standard for de-identifying personal information. Kaiser is throwing around this "de-identified" data left and right in its population management research: in fact a group of bigwigs planned right in front of me to package and resell it with their EMR to anyone willing to buy it. This data can be aggregated the same way the AOL data set can, and there is an ever-widening base of people with aggregation skills: don't just think hackers - think marketing departments and insurance companies with their common diagnosis database.

Here's a Kaiser lie: Kaiser is claiming their doctors don't give prescription info to drug companies, but right after I filled a Kaiser prescription at the Kaiser pharmacy, I started receiving direct mail advertising from the pharmaceutical company for drugs related to my condition. This isn't to say Kaiser doesn't have a policy in place: Kaiser doctors may just ignore the policy and retaliate against anyone who raises the issue. After all, they know Kaiser HR will cover up for anything they do.

Kaiser Spraying Patient Data Around Again Jul. 28th, 2006 @ 10:29 am
Is there anyone who *doesn't* have Kaiser's patient info at this point? This week Kaiser mailed letters to 160,000 patients to let them know a laptop containing their personal data (phone numbers and Kaiser MRN numbers) had been stolen.

Anyone want to compare the number 160,000 to the way I supposedly endangered the public by pointing out a Kaiser web site that had been online for five years that later turned out to contain the MRNs for around 150 people? Where is the DMHC press release and public order intended to turn anyone who dares mention it into a supervillain? Why isn't Scott Budman of NBC 11 busy splicing news clips together to invent a hacker? Any plans to haul the person who tipped off Wired into court yet?

At least the public has been informed about the laptops. There hasn't been a word in the press about the other Kaiser web site that put patient information online.

Update: I'd like to put this article about Kaiser's desperation in context. When I worked for Kaiser, Covansys contractors were earning $150/hr. for twiddling with HTML, attending department meetings, and taking long walks around Lake Merritt in Oakland. I'm sure the contractors who were working with the hot buzzwords, like J2EE, were making a great deal more. These costs have all been passed on to Kaiser members as they have been used as the justification for huge membership rate increases for the last several years. If Kaiser's demand for "immediate price relief" is met, I doubt those savings will translate into a reduction of membership fees.

Kaiser Crime Hiding in Plain Sight Jul. 22nd, 2006 @ 12:52 am
The only reason Kaiser has been getting away with the crap it gets away with is that the government, the media, and everyone else who could have put them under review chose to look the other way. The stars of justice must have finally aligned, though. As much as Kaiser's PR department scrambles to stuff the news channels with fluff articles, the serious journalists aren't being thrown off the trail.

First, the president of Kaiser Northwest resigned because first quarter profits dropped 88% - largely because of glitches with the EMR (Electronic Medical Record) billing system. The EMR, which was subsidized by hikes in member fees (including millions of dollars wasted on the write off of the previous system) was chosen expressly for the billing system. Kaiser rushed out the billing system first thing, and they probably would have been satisfied with just installing that. This is a failure of awe-inspiring proportions, and it should give people pause for thought before Kaiser manages to pawn it off on the Federal government as the Medicare EMR. Yep - the ultimate plan was for the taxpayer to foot the bill and line the pockets of Kaiser's "early EMR adopter" shareholders.

How interesting to learn from the same article that Kaiser suffered a 112% loss in underwriting (profit from insurance sales). Looks like consumers are finally starting to wise up. Perhaps one too many Kaiser doctors dismissed imminent heart failure as a "recommendation for diet and exercise". I've been told that Kaiser lowers its metrics for heart attacks by not counting anyone who dies before they reach the emergency room.

But that's not all! There's more revelations from the David Merlin lawsuit. Finally, investigative journalists are paying attention to the role played by Kaiser's profit-taking medical groups:
So far, however, no senior executives in the Permanente Medical Group, which ran the unit, have left or been reprimanded. And except for the first days after the issue came to light, TPMG executives have repeatedly deflected questions on the medical group’s role, leaving Mary Ann Thode, president of Kaiser’s Northern California hospital and health-plan units, to bear the brunt of public scrutiny....The medical group, unlike the rest of Kaiser, is a for-profit enterprise that splits profits among its physician partners. Critics say that gives an incentive for the group to bring services in-house for financial reasons, sometimes to the detriment of enrollees. In addition, critics say, Kaiser’s emphasis on “population health” — meaning providing cost-effective care for the greatest number of enrollees — carries within it some risk that the interests of individual patients could be compromised in an attempt to stretch health-care dollars across a broad spectrum of care.

That appears to have been one of the factors leading Kaiser executives to take steps that put some individual patients at risk, with the goal of ultimately benefiting the greater good, Given said. This “may at least partially explain TPMG’s unwillingness to respond to (patient and family) complaints in a timely manner — or apparently at all — if the media had not gotten involved.” ....Other sources, including some within Kaiser, say Kaiser’s corporate culture and the influence of its powerful medical group, contributed to a reluctance to address these issues directly and publicly....Critics say the powerful influence of Kaiser’s doctors within the organization is little known to the public or to regulators, and that financial incentives sometimes result in clinical decisions that can put some patients in jeopardy. A senior Kaiser source blamed the situation on internal power struggles and cultural change within what the source called “a doctor’s culture.”


Other highlights of this article include the whistleblower Merlin being told to "shut up", and Kaiser's notorious "issues management" consultant making the snide comment: "we’re not going to litigate or advance our litigation strategy in the media."

This remark has particular resonance for me this week because I've been talking to several people about the tactics Kaiser's lawyers use when judges were out of sight. I was personally threatened on two occasions by a Kaiser lawyer who said, and this is a quote, patients wanted to "come after me", and I would thus have to cooperate with Kaiser if I wanted them to protect me. Of course the only reason patients might want to "come after me" is that Kaiser called up 150+ patients to tell them that I had stolen their patient info when Kaiser itself had been posting the info on the Internet for around five years. It's my belief that Kaiser has only been able to get away with this sort of unethical bullying because people who are involved with lawsuits are all isolated. If there's anyone with access to Lexis-Nexis and an interest in legal research (Ph.D. student, perhaps?) who might be interested in researching patterns in the "hallway" part of Kaiser's "litigation strategy", please let me know.

******************************************

Last, but certainly not least, Kaiser has been posting patient info on the Internet yet again. The patient involved received this letter in March 2006, but the letter itself is undated. My theory is that Kaiser did this deliberately to create confusion if this letter was used in litigation. I haven't seen a word about this letter from either the press or the DMHC (remember the DMHC making a big deal about how they wanted to handle HIPAA violations even though all of Kaiser's training materials say to report violations to the Federal Dept. of Health and Human Services...?).

This is a stunning HIPAA violation. Remember Kaiser siccing their full lawyer power (as well as the DMHC) on me just for calling attention to their publicly posted web site? (Note the EFF finally figured out the problem with persecuting the transmitter of publicly posted information in this case). So how on earth did Kaiser manage to quash it?

I challenge investigative journalists to follow up on and validate this letter. While I've redacted the patient's name on the document I posted, I'm sure the patient would be more than willing to cooperate.

"Is Kaiser Trying to Kill Us?" May. 19th, 2006 @ 02:58 pm
After waiting five years and suffering a "cascade" of diabetes-related medical problems, what will it take for Kaiser victim Christy Pimental to get a kidney transplant?

In other news, today I got a curious letter from the Department of Health and Human Services (DHHS). For those following my saga, I first reported the Kaiser Systems Diagrams (the technical schemata that contained patient Medical Record Numbers that Kaiser posted on the Internet for around 5 years), to a subsection of the DHHS, the Office of Civil Rights.

When Kaiser launched their attempt to frame me, I immediately appealed to the Office of Civil Rights for the whistleblower protection under the relevant legal code (HIPAA). The Office of Civil Rights failed to help me in a timely manner, and I was left to fend off Kaiser's PR department, lawyers, and the CA Dept. of Managed Health Care (which Kaiser had tricked into rapid public action by telling them I had stolen the patient information and was an imminent threat) all by myself.

When I wrote to the Office of Civil Rights, they did not bother to communicate with me for any investigation. Several months later, however, I got a letter saying they were denying my whistleblower protection because the press was involved, and they alluded to the press release which the DMHC had initially put out. I immediately wrote back (several times), but the contact person mentioned in the letter refused to reply. Meanwhile, the boss of Kaiser's attorneys, Peter Grant, was chumming up with the Director of the Office of Civil Rights (Richard Campanelli) and Campanelli accepted Grant's invitation to be keynote speaker of the national HIPAA Summit (a vehicle that was used to smear me to academics and government officials).

Thanks a lot DHHS for showing the world how whistleblowers can expect to be treated by the federal government if they don't have their own legal representation.

Anyway, over a year later, I finally got another letter from the DHHS Office of Civil Rights. In this generic letter they confirm they have closed their case against Kaiser, without a single reference to my request for whistleblower protection. I figure if I reply to this, it will take another year for the Office of Civil Rights to get back to me.

However, the most incredible absurdity is the last line:
Your advocacy for the protections of the Privacy Rule has enhanced the privacy of many.

What the heck is that???? If my advocacy was so helpful, why did the Office of Civil Rights utterly fail to provide whistleblower protection when I needed it? Why did they take a year to reply to my desperate pleas for help, and then only respond with a form letter that doesn't even reference the issue?

The people who run the Office of Civil Rights are either incompetent or cruel.

Update: I just noticed the DHHS letter was copied to Roger Skinner of Kaiser's Regional Compliance Office. I believe this proves collusion. Throughout this whole ordeal the Office of Civil Rights maintained active communication with Kaiser's representatives, while never once bothering to call me.

Update: I found a terrific article about the way the medical system really works here. However, I have to point out that it was the Archimedes project that posted pictures of their servers on the Internet a few months ago, including at least one where the label with the network IP address was clearly visible. (Kaiser Thrive just pointed out that thumbnails of the Kaiser server pictures are still available on the Internet Archive. By the way, the full-sized photos sometimes come up if you click on the thumbnails.)

Putting the doctors in charge of the technology implementation is like letting the clowns run the circus.

Return of the Kaiser Frame-Up May. 7th, 2006 @ 12:37 am
Since the Kaiser Transplant Debacle has stirred up memories of the Systems Diagrams Affair, I've discovered some blogs are unwittingly spreading the Kaiser PR attack from when Kaiser was attempting to frame me last year. I realize that it's difficult to get an overview of what happened, so I've made a basic timeline. I welcome feedback and tips for improving it. I've backdated the page to 2003 so it won't get mixed in with the rest of my blog. Also, if anyone wants more details, they can always look at my actual blog entries associated with the key dates. There you will find all my thought processes in situ.

My Situation Inspires Boston Legal...? Jan. 25th, 2006 @ 12:04 am
Did anyone see Boston Legal this week? They did a story on a Violation of Privacy lawsuit that stemmed from a big HMO posting patient information on the Internet. I have mixed feelings about it.

On the one hand, there was scare-mongering about Violation of Privacy, and Kaiser continues to wrongfully try to deflect their liability onto me. On the other hand, Boston Legal held the HMO responsible for posting the information. Then there was this other element where the emotionalism (i.e. "disgruntlement") of the client could have undermined the case played out.

I do worry that Privacy was presented as a one-sided issue, with not even a nod to countervailing issues like freedom of speech or the pressure to self-publicize in an "attention economy". The problem is that everyone is upset about Privacy but they don't think about it long enough to realize how complicated the issue really is. Over-simplification usually leads to horrendous knee-jerk decisions.

Some of the computer stuff that came up was just wrong, too. Cookies as violation of privacy? That's straight out of the 90s. On the other hand, they brought up Echelon and how society has been functioning in denial about how unprivate email really is.

Update: The Boston Legal episode was followed the next day by two articles on Technology and Privacy in the Circuits section of the New York Times. These articles described how technology has outpaced our gut instincts about privacy and touch on how certain violations of privacy are actually structured into our society (such as when trial evidence that reveals personal information about third parties becomes part of the public record). I'm glad this issue is becoming more visible in the public arena, and I'm thankful that it's being considered in the multi-faceted, complex way it deserves.

Kaiser Leaking Patient Data Yet Again Jan. 5th, 2006 @ 03:14 pm
Kaiser is still failing to protect patient data up front (notices sent to 25,000 people) - they only react once the horse is already out of the barn, and then Kaiser hopes making a big show will make people think they are champions of privacy. Note that it takes a loss of data to create the pretext for the big show. The bigger Kaiser's show, the more the patients should worry.

I wrote a big round up of Kaiser's privacy incidents a few months ago. I hope this proves to be a useful soup starter for anyone doing research on the subject. Also, I continue to collect street data here.

Yesterday, I was also discussing with a friend how Kaiser's overblown legal expenditures inflate member fees. The irony is members are paying for Kaiser's ability to stomp on them in the event of malpractice. I was wondering whether it would be possible to tie Kaiser's not-for-profit tax benefits to a cap on legal spending. I'm not a practitioner of policy-fu, though, so I welcome any feedback on that thought.

To Carol Lyons: I hope mentioning that you've been sending me flame mail will score you some Kaiser points for whomever you're hoping to suck up to.

Kaiser Gets Away with Violating Privacy Oct. 14th, 2005 @ 07:08 pm
I haven't had much to say lately, but I wanted to post to make sure people know I'm still maintaining this blog and responding to comments.

One thing I've wanted to remark on is Kaiser's general record on patient privacy. Kaiser has a history of minimizing and covering up breaches, and this is a significant danger to the public. If the public can't follow and connect all the incidents, there will be no public pressure to motivate Kaiser to improve their stewardship over information. Right now Kaiser just claims they protect patient privacy, and they shift the blame for any evidence to the contrary on mysterious outside forces. Once Kaiser publishes, discloses, or otherwise spills patient information, the damage has been done. If people want to protect their privacy, they need to demand that Kaiser protect their information in the first place, before it gets out. People need to demand an account of how Kaiser is addressing the gross negligence and incompetence that leads to careless treatment of the information that Kaiser was entrusted with.

Here are some of the incidents I've mentioned before in my blog. I'm sure with a little work, I could find more.

Over the last few years, Kaiser has had a string of technical "accidents" that leaked or published patient information. In 2000 Kaiser sent 858 emails to the wrong people. In 2003, Kaiser messed up the prescription label for 4700 patients.

Kaiser has broadcast patient information by email and mailing labels. People have been able to read other people's medical history online (this same note also mentions that Kaiser is being sued for passing medical records through lawyers - this happened to a friend of mine who is not party to this suit since she lives in another state).

One woman found social security numbers of Kaiser members in a box of recycled carbon paper from the Office Depot.

There have also been several incidents where employees were able to just walk out with patient information that was used for credit card fraud. From a quick scan, here's credit scam in Victorville, CA, credit card theft in Sacramento, CA, and mention of an earlier case here (I think this is the same as the 2002 phlebotomist case - I need to look into this).

Other people, besides myself, have pointed out Kaiser's security carelessness, which is a direct result of putting managers with a poor understanding of technology in charge of technical issues. For instance, Kaiser sent out unsecured email. People also pointed out flaws that could expose Medical Record Numbers on KPOnline here. KPOnline was hacked in 2000.

And let's not forget that Kaiser dropped its Intranet firewall in the Colorado region last year, and all sorts of stuff spilled out onto Google.

Kaiser actually seems to be more interested in keeping information from rightful owners than preventing spillage. It's a universal complaint that Kaiser is slow to turn over medical records and is not above withholding or manipulating them in the case of a complaint. It took me months to get my email records from Kaiser, and I didn't get them until I complained to the DMHC. I'm not sure the set I ultimately got is complete, but a year later, I wasn't confident enough in my memory to press that complaint.

On occasion, Kaiser's leakiness has been a good thing. For instance, it's in the public's interest to know that Kaiser tracks doctors willing to kill you.

People may assume that government agencies will somehow find out about it and do something. My own case shows that they do nothing even when informed. There needs to be a public outcry before anything is done.

Something I'd like to make clear about myself is that I'm a strong supporter of privacy. My social security number and other information was stolen in the U.C. Berkeley incident. My mother was the victim of identity theft, and she has to do the work to prove her identity every time some collections agency pursues the charges run up by the person who stole her credit cards. A couple years ago, a burglar broke into my house and took everything I owned, including my underwear drawer and my dissertation. This blog was started when a Kaiser employee (Douglas Lynch) violated my privacy. I was further horrified when Kaiser's attorneys exploited my concern about the privacy of my friends as a form of hardball. One constant in my life, is that I've never been able to repair the damage done in these sorts of incidents. Especially when a big institution or corporation is involved: they won't repair anything, and they know most people don't have the resources to fight for restitution. While all of America will pitch in to help people who are victims of big disasters, there is nothing to help people through individual disasters. Therefore, in my view, it's important for society to do everything possible to protect privacy in the first place.

A good place to start is to make the institutions responsible for protecting your privacy *responsible*. If a corporation like Kaiser is failing to protect your information, then there should be no endless bureaucratic red tape, cover ups, or attempts to create an outside scapegoat. Kaiser should not be able to brush it off with some drop-in-the-bucket fine. Kaiser needs to be accountable and address the negligence, gross incompetence, and the cronyism and corruption behind it all. Otherwise this sort of thing will happen again and again and again. It's time for Kaiser to engage in some Evidence-based Leadership.

Kaiser Splatters Patient Info All Over - Again Sep. 19th, 2005 @ 04:03 pm
Kaiser printed Member IDs on their mailing labels in Colorado:
http://www.insidedenver.com/drmn/business/article/0,1299,DRMN_4_4087726,00.html

Behold the hypocrisy! When I called attention to Kaiser's OWN web site with the lists of member IDs, Kaiser painted me as a dangerous person, exposing highly confidential information. However, when Kaiser personnel accidentally deliver Member IDs to their printer, the "worse case scenario" of someone creating a fake Kaiser Membership card is "highly unlikely".

I knew when I voluntarily stopped linking to the Systems Diagrams *before* Kaiser sued me that Kaiser would exploit the opportunity to inflate the scariness of "confidential information" to the press. I expressed this concern directly to Kaiser's lawyers: and instead of offering me reassurance in that regard, they tried to use their power to issue lies about me to the press as a bargaining chip. This is probably the single most important reason I've held out against Kaiser: I don't believe corporations should be able to use their ability to manipulate the press as a substitute for an actual case in a legal action.

And here's my vindication! Here's Kaiser's own PR department minimizing the impact of publicizing Member IDs. According to Kaiser's own case against me, just drawing attention to their own web site that publicizes these Member IDs constitutes a horrific breach of privacy. When Kaiser tried to frame me for publishing that information, they invoked the potential suffering of children, and they claimed they had to hold back the people they called from "coming after" me. But now that Kaiser has made their little Colorado gaffe, I'm sure such lynch mobs in the name of the children aren't so necessary.

While Kaiser is representing this as an "isolated incident", it resembles all their other "isolated incidents" in that this sort of screw up tends to happen when systems are linked via transmission of datasets. No matter how secure the storage of data may be, there is opportunity for all sorts of problems as data is sent to downstream systems. This will be the issue with massive EMR systems (or cobbled patchworks of systems represented as an EMR, like at Kaiser).

And addressing the problem by asking people to please rip up their mailing labels? Laughable.

On a related note, I just saw another article that reproduces Kaiser's PR attack in making it sound like I either stole or unlawfully accessed patient info, as opposed to finding it on a public web site. The last time I complained about this, I was told, probably untruthfully, that the online story that had already been published couldn't be changed, but there would be more "context" related in the future. Well, here's a future story in the same newspaper, and they went with helping Kaiser's PR spin again! I guess fiction is more "newsworthy" than the truth, especially if it's at the expense of a poor person who can't really do anything about it.

Update: Surprisingly, the above-mentioned newspaper (Mercury News) investigated, and they have offered to run a correction identifying me as the whistleblower in this case. Now if only NBC and the SF Chronicle would amend their Kaiser-fed "reports"...

The Cosmic Joke Strikes Again May. 19th, 2005 @ 10:21 pm
Guess what I got in the mail today!

Does anyone remember that someone stole a laptop filled with the personal data, including the Social Security numbers, of nearly 100,000 from UC Berkeley back in March?

It turns out that one of the records was mine!

On the somewhat creepy side, the letter reveals that my current address was not on file at Berkeley, so they did "research" to track me down. American society has officially reached the point of bureaucracy-ad-absurdum: institutions are violating privacy to meet their obligations to safeguard privacy. :-0


Actually, I hope someone steals my identity. They can have it.

Another Banner Day for Kaiser Patient Info Apr. 6th, 2005 @ 01:57 pm
Someone found Kaiser member info in a box of carbon paper sold at Office Depot. No kidding.

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/04/06/BUGEOC3L5N1.DTL&feed=rss.business

The question that comes to my mind is how will the Kaiser members find out if their patient information was exposed. My own situation shows that Kaiser doesn't feel obliged to call the people affected (at least not without someone goading them to do it). If the people affected do somehow find out, will they know how to file a HIPAA complaint? Will they know to ask about the terms of consultant/contractor access to their information? Probably not.

Even if a Kaiser employee finds out who the people affected are, he or she can only file a complaint with the Dept. of Health and Human Services. Kaiser claims the right "to take action" against employees who talk to anyone else. See http://www.kpcolorado.net/privacy_policies/intimidation_prohibited.html.

Note that the Dept. of Health and Human Services can take 4 to 6 months to respond to the complaint, it may choose not to investigate the complaint, and it has no mandate to inform the patients or their private counsel.

Therefore, the game is rigged to prevent people from finding out when their patient privacy rights have been violated.

If the people affected in this case do somehow manage to find their private information was in that Office Depot carbon paper box, here's the contact information for the Office of Civil Rights (the govt. enclave that handles HIPAA complaints for the Dept. of Health and Human Services):

Region IX - San Francisco (American Samoa, Arizona, California, Guam, Hawaii, Nevada)
Ira Pollack, Regional Manager
Office for Civil Rights
U.S. Department of Health and Human Services
50 United Nations Plaza - Room 322
San Francisco, CA 94102
Voice Phone (415)437-8310
FAX (415)437-8329
TDD (415)437-8311

People who aren't in the San Francisco Region can find more contact information here: http://www.hhs.gov/ocr/regmail.html

If they contact the OCR, these people will at least be able to find out what action the Dept. of Health and Human Services is taking and have a basis for deciding whether they should retain an attorney and take their own action.

Kaiser Trains Employees to Hide Trail of Evidence Aug. 16th, 2004 @ 02:28 pm
As those who have followed this blog know, one of my most frustrating experiences with Kaiser corporate behavior is the blatant managerial pressure to prevent anything from being put "in documentation." My manager stated her No Documentation office policy outright several times, and I encountered it again during Kaiser HR's phony Dispute Resolution Process, when HR representatives would only discuss details of the proceedings over the phone (and they then felt free to safely ignore whatever they told me). Managers also seem to overly enjoy the thrill of intimidating or manipulating their subordinates when they order something to be put in writing: they regard documentation as something that can be held over a vulnerable person's head.

Here are a couple of documents that represent the pressure Kaiser puts on its employees to hide any paper trail of questionable activities: Delete Email and Shred Paper Trail. These Kaiser policies are stated in many places and in many ways: these documents just happen to be two that I kept.

The Delete Email document not only tells employees to schedule time to delete email and to only relay "controversial" information verbally, it inserts a sly threat that "40% of employers" read employee email. Why the vague, abstract statistic? It's public knowledge that Kaiser uses a vendor, ProofPoint, to read employee email. Yet somehow, after all that care to preserve "proof", Kaiser manages to lose or accidentally destroy the email that points to corporate wrongdoing.

Many malpractice victims who have been forced into Kaiser's arbitration process have experienced these same tactics. I just spoke to a victim who was told that the person handling her case just "never read email", so she could only communicate by phone. This victim is trying to get her medical records that will establish falsehoods in a doctor's statements. Kaiser also denied me access to my medical records, for whatever reason. I have also covered in a previous blog entry how people who are herded into using email to communicate with their doctors may not have any medical records to refer to at all. Kaiser had never even confirmed for me that my CyberKaiser records are a part of my formal medical record. I can also personally confirm that Kaiser uses investigators to attempt to intimidate people as well as for the legitimate purpose of analyzing a problem.

If corporate leaders, and society in general, would like to see ethical business concepts put into practice, then the place to get started is the Culture of the Cover Up. Managers pressuring employees to destroy or hide documentation simply should not be tolerated. Corporate leaders who favor or promote managers who discourage documentation are asking for a corrupt organization. If the business practices of an organization are honest, then managers should be fine with documenting anything they do. Ethical corporate leaders should also endeavor to assist victims of malpractice to the best of their abilities instead of trying to bury what was done to them and smear their name.

Be the Swirl

What a crock... Aug. 9th, 2004 @ 01:22 pm
Kaiser is now throwing up spurious mini-web sites to push the Brand message that We believe health isn't an industry, it's a cause.

Uh, last time I checked, Kaiser was a business that was sitting pretty on $832 million dollars of profit. Nevertheless, Kaiser has carefully crafted a message to convince the public that it's not really a business at all.

A couple years ago, Kaiser conducted massive demographic research to figure out just how to twist and manipulate public perceptions. Read Kaiser's theory of deception for yourself from excerpts of this Reputation Management Presentation. (Browse thumbnails here).

Ps. The Landshark Kaiser Parody is still zipping around the world. Last popped up in France and Ireland. Personally, I'm still getting a kick out of Kaiser Splat.

PPs. This ACLU Report on the Surveillance-Industrial Complex offers further cause for concern about how Kaiser will use HealthConnect (not to mention how the U.S. government will use HealthConnect if they purchase it from Kaiser).

Be the Swirl

Speak Truth to IT Aug. 4th, 2004 @ 11:48 pm
The scanner from Santa Claus arrived!

My first official act of scanning will be to present you with the business card of Douglas Lynch, the Kaiser investigator. He left it on my doorstep while I was in the house to imply that he had been lurking around for an unspecified amount of time.

Here's the proof.

Be the Swirl
