Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Kaiser to pay $49 million settlement for illegal disposal of protected patient information and medical waste

Written by Dean Levitt | September 14, 2023

Kaiser Foundation Health Plan, Inc., and Kaiser Foundation Hospitals, collectively known as "Kaiser," have been accused of unlawfully disposing of hazardous waste, medical waste, and protected health information at their facilities across California. Such actions endanger the environment and violate multiple federal and state laws.

 

What's new: 

California Attorney General Rob Bonta, in collaboration with six district attorneys, has announced a $49 million settlement with Kaiser. This resolution addresses the allegations and mandates Kaiser to implement significant measures to prevent future illegal disposals.

 

By the numbers: 

The settlement stems from undercover inspections at 16 Kaiser facilities. These inspections revealed hundreds of items of hazardous and medical waste and over 10,000 paper records containing information of more than 7,700 patients.

 

What they're saying:

Attorney General Rob Bonta emphasized that the illegal disposal of hazardous and medical waste poses risks to the environment, workers, and the public, saying, "As a healthcare provider, Kaiser should know that it has specific legal obligations to properly dispose of medical waste and safeguard patients' medical information. I am pleased that Kaiser has been cooperative with my office and the district attorneys' offices, and that it took immediate action to address the alleged violations." 

Alameda County District Attorney Pamela Price stated that as a major corporation, Kaiser has a responsibility to its communities and patients and said, "Dumping medical waste and private information are wrong, which they have acknowledged. This action will hold them accountable in such a way that we hope means it doesn't happen again."

San Francisco District Attorney Brooke Jenkins said, "Protecting patient privacy and the environment is just as important as protecting public safety."

San Bernardino County District Attorney Jason Anderson, San Joaquin County District Attorney Ron Freitas, and San Mateo County District Attorney Stephen M. Wagstaffe also expressed their concerns and commitment to ensuring compliance with environmental and patient privacy laws.

 

The big picture:

Kaiser, headquartered in Oakland, California, operates over 700 facilities statewide and provides healthcare to approximately 8.8 million Californians. This settlement highlights the importance of healthcare providers adhering to environmental and patient privacy regulations.

 

Go deeper:

This isn't the first time Kaiser has faced legal challenges. In 2014, the California Department of Justice filed a lawsuit against Kaiser for delaying notifications about a data breach involving an unencrypted USB drive. Kaiser had to pay $150,000 in penalties and attorneys' fees for that incident.

 

What's next: 

As part of the settlement, Kaiser has committed to several proactive measures to ensure compliance with environmental and patient privacy regulations. They will:

  • Pay $47.250 million, which includes civil penalties, attorneys' fees, costs, and funds for supplemental environmental projects.
  • Allocate an additional $1.75 million in civil penalties if they do not spend $3.5 million at their California facilities within the next 5 years to implement enhanced environmental compliance measures.
  • Retain an independent third-party auditor, approved by the Attorney General's Office and the district attorneys. This auditor will conduct over 520 trash compactor audits at Kaiser's California facilities and at least 40 programmatic field audits each year for the next five years. These audits aim to evaluate Kaiser's compliance with policies and procedures related to hazardous waste, medical waste, and protected health information.

These steps ensure that Kaiser adheres to state and federal laws, safeguarding the environment and patient information.

RelatedHIPAA Compliant Email: The Definitive Guide