Even after UCLA Medical Center warned employees that it was cracking down on unauthorized access to medical records, the privacy of a "well-known individual" was breached by two nurses and an emergency room technician who called up the patient's computerized records in mid-April, according to a critical state report released Monday.
The California Department of Public Health also found that nearly twice as many medical center employees as had previously been reported peeked at confidential medical records at UCLA. Nearly 60 additional employees gained improper access to records between January 2004 and June 2006, the report said, bringing the total number of workers implicated in the growing scandal to 127.
Monday's report was the fifth by the public health agency following articles in The Times this year about UCLA employees' prying into the records of celebrities and prominent patients, including California First Lady Maria Shriver, actress Farrah Fawcett and singer Britney Spears.
State regulators continue to fault the hospital for failure to take adequate steps to maintain patient confidentiality. After the April violations, the report said, one nurse was fired and the two other employees received warnings.
The latest findings detail how one employee -- a former administrative specialist who faces federal criminal charges for violating Fawcett's privacy -- looked at the records of 939 patients "without any legitimate reason" from April 2003 to May 2007. In previous reports, the state had linked her to viewing the records of about 60 patients. She also looked at other personal information, including Social Security numbers, the state now says.
"What we're seeing here is a clear pattern of repeated violations of patient medical records and patient confidentiality by UCLA," said Kim Belshe, secretary of the state's Health and Human Services Agency. "It is absolutely unacceptable."
Kathleen Billingsley, director of the state health department's Center for Healthcare Quality, confirmed that 127 UCLA workers have been implicated and said investigations into other breaches at the hospital continue.
"What's startling to us is, as we get to a point where we feel we've addressed a specific complaint and a specific issue, we identify additional issues," she said. "It's very disturbing to see this."
The hospital said it has notified all patients whose privacy was breached by the indicted woman, Lawanda Jackson, and it has updated its systems to block complete Social Security numbers from its main clinical systems. It also has initiated new training on privacy for all staff and is enhancing security in its records systems.
"We have no excuses," Dr. David Feinberg, chief executive of the UCLA Health System, said in a statement. "UCLA should have detected the violations by Ms. Jackson years ago and should have immediately initiated the process to dismiss her."
Feinberg said the medical center continues to investigate.
"All other employees who were found to have violated patient confidentiality during our review have been disciplined, including some who have been terminated," he said. "On behalf of the entire leadership of the UCLA Health System, I am deeply sorry for this failure, and the personal distress these breaches may have caused."
Of the 59 employees newly linked to the breaches, 24 still worked at UCLA when they were identified, the state said. The hospital has proposed firing seven, suspending six for two to three weeks each and providing verbal or written warnings to eight others, the latest report says. Three remain under investigation.
In part because of the breaches, Gov. Arnold Schwarzenegger has endorsed legislation that would impose penalties on hospitals and healthcare workers for breaching patient privacy.
"Californians have every right to expect their medical records to be safeguarded and protected, and I am alarmed about repeated violations of patient confidentiality and the potential harm to the citizens of this state," Schwarzenegger said in a statement. "By putting financial penalties in place for those employees and facilities that do not follow these laws, this legislation will lead to better care for all Californians."
Under the legislation, being carried by Sen. Elaine Alquist (D-Santa Clara) and Assemblyman Dave Jones (D-Sacramento), healthcare workers who unlawfully view patient records would be fined from $1,000 to $250,000, depending on the seriousness of the violation. Hospitals and other health facilities would face fines of $25,000 to $250,000 for similar violations.
The legislation also would increase penalties for hospitals found to have put patients in jeopardy of harm or death, to $100,000 from $25,000.