UCLA pays $865,500 to settle celebrity medical record snooping case
UCLA Health System has agreed to pay $865,500 as part of a settlement with federal regulators Wednesday after two celebrity patients alleged hospital employees broke the law and reviewed their medical records without authorization.
Federal and hospital officials declined to identify the celebrities involved. The complaints cover 2005 to 2009, a time during which hospital employees were repeatedly caught and fired for peeping at the medical records of dozens of celebrities, including Britney Spears, Farrah Fawcett and former California First Lady Maria Shriver.
The security breaches were first reported in The Times in 2008.
The violations led state lawmakers to pass a law imposing escalating fines on hospitals for patient privacy lapses.
After the law took effect on Jan. 1, 2009, state regulators fined Ronald Reagan UCLA Medical Center $95,000 in connection with privacy breaches that year that sources said involved the medical records of Michael Jackson, who died at the hospital in June 2009.
The same month, the U.S. Department of Health and Human Services' Office for Civil Rights began investigating alleged violations of the federal Health Insurance Portability and Accountability Act at the hospitals, according to the settlement agreement.
The employee was not named in the agreement, but appears to be Lawanda Jackson, an administrative specialist at Ronald Reagan UCLA Medical Center who was fired in 2007 after she was caught accessing Fawcett’s medical records and allegedly selling information to the National Enquirer. Jackson later pleaded guilty to a felony charge of violating federal medical privacy laws for commercial purposes but died of cancer before she could be sentenced. Fawcett died of cancer in 2009.
The settlement did not say at which facilities the breaches occurred.
Federal investigators faulted the hospital system for failing to remedy the problems, discipline or retrain staff.
As a condition of the settlement, UCLA Health System was required to submit a plan to federal regulators detailing how officials would prevent future breaches. They agreed to retrain staff on privacy protections, formulate privacy policies, appoint a monitor to oversee improvements and report to regulators for the next three years.
UCLA Health System released a statement Thursday noting that, “Over the past three years, we have worked diligently to strengthen our staff training, implement enhanced data security systems and increase our auditing capabilities.”
"Our patients' health, privacy and well-being are of paramount importance to us," said Dr. David T. Feinberg, chief executive of the UCLA Health System. "We appreciate the involvement and recommendations made by OCR in this matter and will fully comply with the plan of correction it has formulated. We remain vigilant and proactive to ensure that our patients' rights continue to be protected at all times."
UCLA said the money would be paid federal health regulators.
-- Molly Hennessy-Fiske
Photo: Farrah Fawcett chronicled her battle with cancer in "Farrah's Story." Credit: NBC