Print

Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This notice is effective as of September 22, 2023.

Learn about our commitment to nondiscrimination and language assistance

Download a PDF version of this notice

Privacy notice in English 
Privacy notice in Chinese 
Privacy notice in Korean 
Privacy notice in Russian 
Privacy notice in Spanish 
Privacy notice in Vietnamese

 

About this notice

This notice applies to members covered under Kaiser Foundation Health Plan of Washington and Kaiser Foundation Health Plan of Washington Options, Inc. plans, as well as the Group Health Cooperative Employee Benefit Plan. This notice also applies to patients receiving care in Kaiser Permanente facilities provided by Washington Permanente Medical Group, PC. In this notice the terms "we," "us," "our," and "Kaiser Permanente" are used to refer to all of these entities.

In this notice, "personal information" refers to any medical or financial information that can be used to identify you and relates to your physical or mental health or condition, the provision of health care to you, or the payment for that care, including your medical record. Personal information may include your name, Social Security number, race/ethnicity, language, gender identity, sexual orientation, pronoun data, address, telephone number, employment information, medical history, health records, claims information, or credit card number.

This notice is based on state and federal law. It explains our responsibilities and privacy practices regarding your personal information. We are required to protect the privacy of your personal information, provide you with this notice, and abide by the terms of this notice.

Safeguarding your privacy and the confidentiality of your personal information is a priority. Our policies and procedures are designed to protect your personal information in written, verbal, and electronic forms. Access to your personal information is kept to a minimum for the intended purpose and provided only for legitimate business need. Physical, electronic, and other safeguards help to protect against unauthorized access to your information.

About Kaiser Permanente

Kaiser Foundation Health Plan of Washington and Kaiser Foundation Health Plan of Washington Options, Inc. offer health care coverage to members through individual and group plans. Kaiser Permanente also delivers care to patients in medical facilities. Depending on your relationship with us, we may collect, use, and share your information in slightly different ways.

When you apply for health coverage, Kaiser Foundation Health Plan of Washington and Kaiser Foundation Health Plan of Washington Options, Inc. may receive your personal information directly from you or from third parties, which may include agents, brokers/ producers, a trust, or your employer. We may share your personal information with the health plan administrator through which you receive your health benefits, to permit them to manage the business functions of the health plan. For example, we may share health plan enrollment and eligibility information with plan administrators. We may also share information that does not identify specific members with a plan administrator.

If you are enrolled in a self-funded plan through your employer, Kaiser Foundation Health Plan of Washington and Kaiser Foundation Health Plan of Washington Options, Inc. may act as an "administrative services organization" for your self-funded plan and may receive and share information with the plan administrator, usually your employer, for certain administrative activities. For example, we may share claims information for health care services you have received. The plan administrator must confirm that it will protect your personal information in accordance with the law.

If you are a patient at a Kaiser Permanente facility, we keep a record of health care services you receive from us, as well as medical records sent to us from other health care providers. We will not share your information with others unless directed by you or otherwise allowed or required by law.

Kaiser Foundation Health Plan of Washington, Kaiser Foundation Health Plan of Washington Options, Inc., and Group Health Cooperative Employee Benefit Plan may share your personal information with Kaiser Foundation Hospitals and Kaiser Foundation Health Plan, Inc., in connection with shared services and other national Kaiser Permanente activities for treatment, payment, or health care operations purposes. For example, if you are being considered for a transplant, we will share your personal information with our Kaiser Permanente National Transplant Network.

How we may use and share your personal information

We use and share your personal information to provide treatment, receive and provide payment for health care services, and conduct health care operations. Some examples of how we may use or share your personal information without your authorization are described below. If you do not receive your health care from us, some of the following examples may not apply to you.

Treatment

If you are a patient in a Kaiser Permanente medical facility, we may use or share your personal information to provide you medical care. For example, our physicians, nurses, pharmacists, and lab technicians may share your personal information to provide you health care services. In addition, we may share your personal information with health care providers or suppliers outside of Kaiser Permanente for consultation, referral, or coordination of your care.

Payment and health care operations

We may receive your personal information from health care providers who treat you, so we can pay them in accordance with your health benefit plan.

In addition, we may disclose your personal information to obtain payment for services provided to you. We may also use and share your personal information to carry out health care operations. Health care operations are business activities that support the delivery and payment of health care. Payment or health care operations purposes could include:

  • Determining benefit eligibility and coordinating benefits with other health plans
  • Reviewing services for medical necessity
  • Paying a claim
  • Performing utilization review
  • Obtaining premiums
  • Subrogating a claim
  • Collection activities
  • Providing care management
  • Educating health or other professionals
  • Underwriting health plan benefits
  • Administering and reviewing a health plan
  • Conducting medical reviews
  • Providing customer service
  • Determining coverage policies
  • Performing business planning
  • Arranging for legal and auditing services
  • Obtaining accreditations and licenses

Please note that we are not allowed to use or share your genetic information for underwriting purposes, to adjust premiums, or to make enrollment or eligibility determinations based on your predisposition to a genetic condition. We are also prohibited from requesting, requiring, or purchasing genetic information about an individual in connection with health plan enrollment. In addition to genetic information, we exclude from review or disclosure for underwriting purposes, race/ethnicity, language, gender identity, sexual orientation, and pronoun data.

We may also contract with individuals or entities known as business associates to work on our behalf, which may require us to use and share your personal information with them. Our business associates must agree in writing to safeguard the confidentiality of your personal information in accordance with federal law and this notice.

Disclosures required by law

Certain state and federal laws may require us to share your personal information. For example, we may share your information with:

  • An authorized public health authority to protect public health and safety; to prevent or control certain diseases, injuries, or conditions; to report vital events such as births or deaths; or to participate in registries such as the cancer registry.
  • The U.S. Food and Drug Administration (FDA) to investigate or track problems with prescription drugs and medical devices.
  • Workers' compensation programs, which provide benefits to you if you have a work-related injury or illness.
  • Government benefits programs, like Medicare and Medicaid, in order to review your eligibility and enrollment in these programs.
  • Government entities authorized to receive reports regarding child or vulnerable adult abuse or neglect.
  • Health oversight agencies. As health plans and health care providers, we must agree to oversight reviews by federal and state and other agencies. These agencies may conduct audits, perform inspections and investigations, license health care providers, health plans, and health care facilities, and enforce federal and state regulations.
  • Law enforcement officials in limited circumstances. For example, disclosures may be made to report a crime on our property.
  • Armed forces personnel for military activities and to authorized federal officials for national security activities.
  • Funeral directors to assist with their responsibilities.
  • County coroners for the investigation of deaths.
  • Organ procurement organizations to the extent allowed by law.
  • Disaster relief organizations such as the Red Cross to assist in disaster relief efforts.
  • Correctional facilities if you are an inmate. We may share your personal information for your health and the health and safety of others.

We may also use or share your personal information without your authorization in the following circumstances:

  • Family, domestic partner, or friend involved in your care or the payment of your care or a person you identify when you are present and agree, or when you are not present or incapacitated and in our professional judgment it is in your best interest to share information about your care.
  • Appointment reminders—If you are a patient, to remind you that you have a health care appointment with us.
  • Health information exchange—We may share your health information electronically with other organizations through a Health Information Exchange (HIE) network. These other organizations may include hospitals, laboratories, health care providers, public health departments, health plans, and other participants. Kaiser Permanente operates an HIE network among Kaiser Permanente regions, and also participates in several HIE networks with other health care providers outside of Kaiser Permanente who also have electronic medical record systems. Sharing information electronically is a faster way to get your health information to the health care providers treating you. For example, if you go to a hospital emergency room that participates in the same HIE network as Kaiser Permanente, the emergency room physicians would be able to access your Kaiser Permanente health information to help make treatment decisions for you. HIE participants like Kaiser Permanente are required to meet rules that protect the privacy and security of your health and personal information.
    • If your medical record contains certain information (such as from a substance use disorder program) that requires your authorization under state or federal law before information is shared, then Kaiser Permanente will not release that information to your other treating providers through HIE until you provide authorization. To check if your authorization is required before Kaiser Permanente can release your records through HIE and to provide authorization, click here.
  • Plan description—If you are a member, to communicate with you about our networks, health plans, and providers.
  • Services related to your healthcare and wellness—If you are a member or patient, to remind you about preventive health services or to let you know about treatment alternatives, providers, settings of care, or health and wellness products or services that are available for you as a member.
  • Facility directory information—If you are a patient in one of our facilities, we may share your name, the location where you are receiving care, your general health condition, and your religious affiliation in our facility directory unless you tell us that you wish to be excluded.
  • Fundraising—We may use or disclose your demographic information and other limited information such as dates and where health care was provided, to certain organizations for the purpose of contacting you to raise funds for our organization. To direct us not to contact you for this purpose, call Member Services toll free at 1-888-901-4636.
  • Research—Kaiser Permanente engages in extensive and important research. Some of our research may involve medical procedures and some is limited to collection and analysis of health data. Research of all kinds may involve the use or disclosure of your personal information. Your personal information can generally be used or disclosed for research without your permission if an Institutional Review Board (IRB) approves such use or disclosure. An IRB is a committee that is responsible, under federal law, for reviewing and approving human subjects research to protect the safety of the participants and the confidentiality of your personal information.
  • Education—We may use and share your information to teach and educate staff and students. For example, teaching physicians may review health information with medical students.
  • Public health and safety—We may use and share your personal information to avert a threat to the health and safety of a person or the public.

We may share your personal information in response to a court order and, in certain cases, in response to a subpoena, discovery request, or other lawful process.

Other uses of your personal information

Except in the situations described above, we will use and share your personal information only with your written permission or authorization. Kaiser Permanente is not permitted to sell or rent your personal information and may not use or share your personal information for marketing purposes without your authorization. In some situations, federal and state laws provide special protections for sharing specific kinds of personal information and require authorization from you before we can share that specially protected medical information. For example, information about treatment for alcohol or drug abuse, sexually transmitted disease, and mental health is specially protected. In these situations and for any other purpose, we will contact you for the necessary authorization. If you sign an authorization to disclose your health care information, you may withdraw it at any time by letting us know in writing.

Your rights

You have rights regarding personal information that we maintain about you. If you do not receive treatment in our facilities, some of these statements may not apply to you. You may get more information about exercising these rights by calling the Privacy Office at 206-630-2131.

  • Request restrictions: You may request that we limit the way we use or share your personal information. Please make your request to us in writing. We will consider your request but are not required to agree to it.
  • Request restriction to a health plan: You may request that certain health care services or items that you pay for fully at the time of service not be shared with your health plan. Please let your provider know before, or at the time of service or we may not be able to fulfill your request.
  • Confidential communication: You may ask that we contact you in a certain way or at a certain location, for example at a different address or phone number. We will usually be able to accommodate your request. Please make your request to us in writing.
  • Inspect and timely access: You may review and request a copy of your medical record and certain other records maintained by us relating to your care or decisions about your care or payment for your care. If your PHI is stored electronically, you may request a copy in an electronic format offered by Kaiser Permanente. You may also make a specific written request to transmit the electronic copy to a designated third party. We will respond to your request, usually within 15 days. We may charge a reasonable, cost-based fee. You may see your record or get more information about it at your Kaiser Permanente Medical Centers location. In certain situations, we may deny your request and tell you why we are denying it. You have the right to ask for a review of our denial.
  • Amendments: You may ask us to correct or amend information in your records. Your request for a change to your record must be in writing and must give a reason for your request. We may deny your request, but you may respond by filing a written statement of disagreement and ask that the statement be included with your record.
  • Accounting of disclosures: You may seek an accounting of certain disclosures by asking us for a list of the times we have shared your personal information. Your request must be in writing. You are entitled to one disclosure accounting in any 12-month period at no charge. If you request any additional accountings less than 12 months later, we may charge a fee.
  • Breaches: You may receive a notice from us about a breach of unsecured personal information if you are affected. We may also inform you of ways you can protect yourself in the event of a breach.
  • Receive an additional copy of this notice: You may request a paper copy or ask general questions about this notice by calling Member Services at 206-630-4636 or toll free at 1-888-901-4636. You may also view this notice on our website at kp.org/wa.

Questions and complaints

If you have questions about this notice or want to file a complaint about our privacy practices, write to the Privacy Officer, Kaiser Foundation Health Plan of Washington, PO Box 9813, Renton, WA 98057-9055 or call us at 206-630-2131. You may also notify the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights.

We will not retaliate against you if you file a complaint about our privacy practices.

Changes to privacy practices

We may change the terms of this notice at any time. If we change any of the privacy practices described in this notice, we will post the revised notice on our website, at kp.org/wa and in our medical facilities. We may give you additional information about our privacy practices in other notices we provide.