UCLA is fined $95,000 for violating patient privacy
Ronald Reagan UCLA Medical Center has been fined $95,000 by state officials for failing to prevent unauthorized employees from accessing patient information, the latest in a series of privacy breaches at the prestigious hospital that has struggled to protect the medical information of its celebrity patients.
The fine, one of five privacy-related penalties announced by the state Thursday, is tied to multiple violations of the same patient's records and led to the firing of two employees. Two other people who accessed the patient's information were contracted by a firm that works at the hospital, UCLA officials said.
The breaches began June 30 of last year, five days after the deaths of Michael Jackson, who died at the hospital, and Farrah Fawcett, a former patient who had previously had her UCLA medical files breached. The state report identified the person whose records were improperly viewed as a "deceased patient."
UCLA spokeswoman Dale Tate declined to identify the patient involved or whether the patient was a celebrity.
In a statement, UCLA officials said they had made a "determined effort to train and test ... employees on patient privacy laws and implemented a wide range of safeguards to ensure patient confidentiality" over the last three years.
"We are proud of the progress we have made," the statement said, noting that UCLA officials reported the breaches to the state once they learned of the problems. "However, the UCLA Health System continues its commitment to seek ways to improve and enhance our policies, procedures and infrastructures to ensure the confidentiality of our patients’ medical records."
The hospital reported the first breach to the state Aug. 5, after a medical school employee and an employee in the Department of Pathology and Medical Support Services were found to have accessed the patient’s records two days before. The medical school employee had even printed labels for laboratory tests that had been performed on the patient, according to the report.
Neither had any reason to access the records, the report said.
On Sept. 7, hospital officials reported that they had discovered a second breach of the same patient’s records by two additional employees, both contract workers with the hospital’s pathology billing service, according to the report. One accessed the patient’s records on June 30 and July 9, the other only on July 9, the hospital reported.
In an interview with state investigators, hospital staff said they had spoken with the contract employees after the breach was discovered and that they “admitted inappropriate access, they were curious.”
The fines issued Thursday came under a state law enacted in 2008 after widely publicized violations of patient privacy at UCLA involving Fawcett, singer Britney Spears, California First Lady Maria Shriver and other celebrities.
The issue of unauthorized people looking at the electronic records of celebrities has vexed the state. In 2009, California health regulators issued the first penalty under the privacy law, fining Kaiser Permanente's Bellflower hospital $437,500 for failing to prevent employees from snooping in the medical records of Nadya Suleman after she gave birth to octuplets.
-- Molly Hennessy-Fiske
Photo: Ronald Reagan UCLA Medical Center has been fined $95,000 for violating patient privacy. Credit: Los Angeles Times