Health data privacy

Protecting our members’ personal health information

Providing high-quality care requires accessible and accurate personal health information. Kaiser Permanente pioneered comprehensive electronic health records, beginning in the 1960s. Today, these records enable us to integrate care delivery across our entire system and keep our members healthy.

Highly connected, digital systems (like electronic health record systems) pose potential privacy challenges for any organization. Threats to privacy can happen when people provide information to third parties for one purpose, such as a health-focused app, but find it used inappropriately for an unintended purpose.

Underpinning Kaiser Permanente’s electronic health record systems are internal policies and protocols that reflect a robust, consistent, transparent data privacy approach. We use a comprehensive approach to data security to enable strong privacy protections. We advocate for policies that support the secure use of patient information for the intended purpose of delivering high-quality health care.

8 of 10 Americans think the risks of companies collecting data about them outweigh the benefits [1]

Half of adults are extremely or very concerned about their health care data security [2]

of the top depression and smoking cessation apps sent data to Google or Facebook [3]

Kaiser Permanente believes sound public policies relating to health data privacy must:

  • Protect individual privacy rights and support high-quality care delivery at the same time
  • Enable clear and open communication with members, patients, providers, and customers about data and privacy
  • Require holders of personal data to communicate policies and processes for collecting, using, sharing, storing, archiving, and protecting health information
  • Promote data governance models that establish and follow: clear policies and processes for storing, archiving, backing up, and protecting personal health information; standards and procedures that define personal health information use by authorized personnel; and controls and audit procedures that ensure ongoing compliance with laws and regulations
  • Align federal, state, and local law and regulation to ensure providers can access the health information necessary for high-quality care delivery while also protecting individual privacy rights

Kaiser Permanente advocates for policies that:  

  • Ensure patient records are accurate, complete, and reliable
  • Promote individual privacy rights while ensuring health providers have the information they need to advance high-quality care
  • Meet consumers’ expectations for accessing and sharing data while also ensuring that consumers have information about benefits and risks
  • Harmonize national, state, and local health information privacy and security laws and regulations 


[1] Pew Research Center, 2019.
[2] The Harris Poll, 2018.
[3] JAMA Network, 2019.