A UCLA Medical Center worker who sneaked into the confidential medical records of '70s TV icon Farrah Fawcett last year also improperly viewed the electronic files of 32 other celebrities, politicians and high-profile patients, including California first lady Maria Shriver, according to interviews with hospital and state officials Sunday.
The breaches expose UCLA to state sanctions and amount to a major embarrassment for one of the nation's preeminent medical centers. The UCLA employee allegedly looked up information on noncelebrity patients as well, accessing 61 patients' records without permission in 2006 and 2007, state and hospital officials said.
For The Record
Los Angeles Times Tuesday, April 08, 2008 Home Edition Main News Part A Page 2 National Desk 1 inches; 44 words Type of Material: Correction
UCLA: A Section A article Monday on breaches of the private files of UCLA patients said Dr. David Feinberg joined UCLA in July. He became chief executive of the UCLA Hospital System in July; before that he was medical director of UCLA's neuropsychiatric hospital.
"We are very concerned by what appears to be a pattern of repeated violations," said Kim Belshe, secretary of the state's Health and Human Services Agency.
"It's not a question of will we take action," she added. "It's determining what level of action to take."
UCLA said it learned about the widespread breaches last May and terminated the employee the same month. Officials would not provide her name or title but said she did not work in direct patient care. Employees in such departments as billing and admitting also have access to medical record systems.
In an interview Sunday, Dr. David Feinberg, chief executive of the UCLA Hospital System, apologized for the breaches. He described the employee who snooped as "rogue."
"This person should not have been looking at those records," he said.
Based on a review of the employee's e-mails and phone calls, he said, the hospital found no evidence that the information was leaked to tabloids or otherwise was shared inappropriately.
Feinberg acknowledged that UCLA had not notified the affected patients, nor did it inform state health regulators or criminal authorities about the problems. The privacy of medical records is protected under state and federal laws, which carry such penalties as prison terms, fines or both for inappropriately accessing or selling such information.
UCLA officials initially determined that alerting authorities and the patients involved was not required, but they are reconsidering whether to notify the patients.
"As this becomes more public, that may change our minds," said Feinberg, who joined UCLA last July.
He pledged that UCLA would work closely with the state Department of Public Health in its investigations. But he also said the medical center had since last May made "great strides" in improving the security of its systems to decrease the risk of privacy violations.
