September 27, 2019
Because Kaiser Permanente takes the protection of our member data very seriously, we wish to notify you of the following matter:
On August 19, 2019, we learned that a Sacramento, California, Kaiser Permanente provider’s email account containing members’ protected health information became accessible to an unknown and unauthorized individual for approximately 13 hours on August 12, 2019. We do not have evidence that any information was viewed, used or copied.
All affected members were mailed notification letters on September 27, 2019. This notice is intended for those members who may not have received the notification letter because of incorrect or incomplete mailing addresses.
The data contained in the email account included member names and medical record numbers, and for some individuals, may have included a combination of some of the following information:
Date(s) of service, age, date of birth, gender, provider name, provider comments, payor name, diagnosis, medical history, benefit information, insurance coverage status, and treatment, procedure and/or service provided.
Social Security numbers and financial information were not included.
Kaiser Permanente is taking steps to prevent this type of error from occurring in the future. Upon learning of this issue, we changed the password to the provider’s email account and have undertaken additional measures to further strengthen Kaiser Permanente’s email security controls.
For your protection, we encourage you to carefully review any Explanation of Benefits statements you receive and contact us right away at the number on the back of your Kaiser Permanente Identification card if you spot any suspicious activity.
On behalf of Kaiser Permanente, we offer our sincerest apology that this unfortunate incident occurred. We assure you that safeguarding your information is one of our highest priorities. If you have any questions, concerns or wish to file a complaint with us, please call 1-800-464-4000 (TTY 711).
Angela B Anderson, RN, MPA, CHC, CHPC
NCAL Regional Compliance Director, Privacy and Security Officer