Kaiser Foundation Health Plan, Inc.

This data privacy class action alleges that Defendants embedded code on the Kaiser Permanente Website (“Site”) and Mobile Applications (“Apps”) that intercepts and redirects confidential personal and medical information to third party companies like Twitter, Adobe, Google, Quantum Metric and Dynatrace, without patients’ consent.  Under the Health Insurance Portability and Accountability Act (“HIPAA”), and other laws, healthcare providers and insurers must follow strict rules to safeguard patients’ sensitive health information.  Our investigation revealed that instead of safeguarding that information, Defendants installed code on the Site and Apps that secretly intercepted patients’ information and communications and redirected them to third parties for marketing. This includes data showing patient status, health conditions, allergies, medications, vaccinations, medical test information, communications with doctors, and other sensitive health information. 

On June 9, 2023, Plaintiffs John Doe and Jane Doe filed this lawsuit, bringing federal claims under the Electronic Communications Privacy Act, on behalf of Kaiser Plan Members nationwide, as well as claims under California and Washington law. On September 15, 2023, Plaintiffs filed an Amended Complaint (“FAC”), which also asserted claims regarding the Apps, and included additional John Doe and Jane Doe plaintiffs pursuing claims under Georgia, Maryland, Oregon, Virginia and District of Columbia laws. 

On October 4, 2023, Plaintiffs filed a Motion for a Preliminary Injunction (“Motion”), asking the Court to order that Defendants remove the code from the Site and Apps. On November 22, 2023, Defendants disclosed for the first time that Kaiser began disabling, deleting or modifying the code after Plaintiffs filed their Complaint and completed that process on November 13, 2023. Based on Defendants’ representation that it had provided the relief that Plaintiffs sought through the Preliminary Injunction, Plaintiffs withdrew their Motion. Plaintiffs are continuing to pursue discovery regarding these changes, as well as damages for past harms, and permanent injunctive relief. On January 15, 2024, Plaintiffs opposed Defendants’ motion to dismiss the FAC and motion to compel arbitration of John Doe’s claims.