Advertisement
 
YOU ARE HERE: LAT HomeCollectionsNews

UCLA hospitals to pay $865,500 for breaches of celebrities' privacy

Settlement with U.S. regulators also calls for UCLA to retrain staff and take steps to prevent future breaches. Some staff have already been fired for viewing the records of Farrah Fawcett, Michael Jackson and others.

July 08, 2011|By Molly Hennessy-Fiske, Los Angeles Times
  • Britney Spears performs at the 2011 Billboard Music Awards at the MGM Grand in Las Vegas. The complaints about the privacy breaches cover 2005 to 2009, a time during which hospital employees were repeatedly caught and fired for peeping at the medical records of dozens of celebrities, including Spears, Farrah Fawcett and then-California First Lady Maria Shriver.
Britney Spears performs at the 2011 Billboard Music Awards at the MGM Grand… (Ethan Miller / Getty Images…)

UCLA Health System has agreed to pay $865,500 as part of a settlement with federal regulators announced Thursday after two celebrity patients alleged that hospital employees broke the law and reviewed their medical records without authorization.

Federal and hospital officials declined to identify the celebrities involved. The complaints cover 2005 to 2009, a time during which hospital employees were repeatedly caught and fired for peeping at the medical records of dozens of celebrities, including Britney Spears, Farrah Fawcett and then-California First Lady Maria Shriver.

Violations allegedly occurred at all three UCLA Health System hospitals — Ronald Reagan UCLA Medical Center, Santa Monica UCLA Medical Center and Orthopaedic Hospital and Resnick Neuropsychiatric Hospital, according to UCLA spokeswoman Dale Tate.

The security breaches were first reported in The Times in 2008.

The violations led state legislators to pass a law imposing escalating fines on hospitals for patient privacy lapses.

After the law took effect on Jan. 1, 2009, state regulators fined Ronald Reagan UCLA Medical Center $95,000 in connection with privacy breaches that year that sources said involved the medical records of Michael Jackson, who was taken to the hospital after his death in June 2009.

The same month, the U.S. Department of Health and Human Services' Office for Civil Rights began investigating alleged violations of the federal Health Insurance Portability and Accountability Act at the hospitals, according to the settlement agreement.

Investigators found that UCLA employees examined private electronic records "repeatedly and without a permissible reason" in 2005 and 2008, including an employee in the nursing director's office, according to the agreement reached Wednesday.

The employee was not named in the agreement, and the hospital spokeswoman declined to identify who it was. But the timing and description of the alleged violations cited in the agreement suggest that it may have been Lawanda Jackson, an administrative specialist at Ronald Reagan UCLA Medical Center who was fired in 2007 after she was caught accessing Farrah Fawcett's medical records and allegedly selling information to the National Enquirer.

Jackson later pleaded guilty to a felony charge of violating federal medical privacy laws for commercial purposes but died of cancer before she could be sentenced. Fawcett died of cancer in 2009.

Federal investigators faulted the hospital system for failing to remedy the problems, discipline or retrain staff.

"Employees must clearly understand that casual review for personal interest of patients' protected health information is unacceptable and against the law," Georgina Verdugo, director of the Office for Civil Rights, said in a statement Thursday, adding that healthcare facilities "will be held accountable for employees who access protected health information to satisfy their own personal curiosity."

As a condition of the settlement, UCLA Health System was required to submit a plan to federal regulators detailing how officials would prevent future breaches. They agreed to retrain staff on privacy protections, formulate privacy policies, appoint a monitor to oversee improvements and report to regulators for the next three years.

UCLA Health System released a statement Thursday noting that, "Over the past three years, we have worked diligently to strengthen our staff training, implement enhanced data security systems and increase our auditing capabilities."

"Our patients' health, privacy and well-being are of paramount importance to us," said Dr. David T. Feinberg, chief executive of the UCLA Hospital System. "We appreciate the involvement and recommendations made by OCR in this matter and will fully comply with the plan of correction it has formulated. We remain vigilant and proactive to ensure that our patients' rights continue to be protected at all times."

Tate said the money would be paid to federal health regulators.

molly.hennessy-fiske@latimes.com

Advertisement
Los Angeles Times Articles
|
|
|