25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Website Glitch Exposes Personal Information of KP Members

Posted By on Dec 22, 2016

Kaiser Permanente is alerting certain members to the potential disclosure of a limited amount of their personal information to other KP members after a glitch was discovered in the company’s online ‘Estimates’ tool.

On November 16, 2016, Kaiser Permanente updated the Estimates tool on the kp.org website; however, an error occurred during the update that potentially resulted in members’ name, address, age, copay information, deductible payments from 2016, and out of pocket expenses from 2016 being displayed to another user of the tool.

Individuals potentially affected by the error visited the website and used the tool from the date that the update was applied until November 28, 2016 when the error was discovered and corrected.

Kaiser Permanente has informed affected patients that there was only a small chance that their information was viewed by another person. At no point were Social Security numbers, claims information, or banking details exposed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The error did not result in the mass disclosure of PHI to other members. In each case, an individual who used the tool may have had their data displayed to the next person who used the tool.

Kaiser Permanente conducts extensive testing of its online systems following any upgrade. Members have now been notified of the incident by mail and told “there is always the rare chance that an error can go undetected until an update is live.”

However, this will be bad news for Kaiser Permanente as it is the second website error to be discovered in just a few weeks. Certain members were impacted by a website error caused during a kp.org site upgrade in October. In that instance, the upgrade was made to improve webpage speed and the error was identified and corrected within 24 hours.

Members affected by the latest breach have been urged to review their Explanation of Benefits statements and to report any irregularities, although due to the type information exposed and the speed of detection and correction of the error, Kaiser Permanente says the privacy risk is ‘limited’.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist