120 UCLA hospital employees inappropriately viewed celebrity medical records between 2004 and 2006, violating HIPAA guidelines. The California Department of Public Health reported the incident and required the hospital to submit an action plan. HIPAA violations can result in legal consequences for both individuals and organizations. The hospital must now review policies and procedures, implement an auditing system, provide mandatory training, and update IT systems to better protect patient privacy and confidentiality as required by law.
1. Created by: Lisa Welsh
MHA690: Health Care Capstone
Dr. Jerry Crouch
2. Report released by California Dept. of Public Health
Required case involved 120 UCLA hospital employees
Employees inappropriately viewed celebrity medical records, not related to their required job functions
These HIPAA violations occurred between January 2004 and June 2006
State regulators blame the hospital for not protecting celebrities’ confidentiality. Require action plan from Administration
3. All health care employees must abide by HIPAA guidelines. This protects the patient’s rights and keeps their best interest as the priority.
HIPAA violations can carry legal consequences; both the organization and the employee can be held responsible.
Understanding the 5 major components of HIPAA’s privacy rule:
o Boundaries – PHI may be disclosed for health purposes only
o Security – PHI cannot be shared without the patient’s authorization
o Consumer control – patients are entitled to their health records and are to be informed when their information is shared
o Accountability – persons or organizations that misuse PHI can be criminally charged
o Public responsibility – the interests of individuals cannot exceed those in public health, research, the prevention of health care fraud or law enforcement
4. Review of current policies and procedures, update where necessary
Implement internal auditing tracking system to ensure patient’s privacy is not violated
Complete mandatory employee compliance training, due annually for existing employees and included in new employee orientation for new employees
Update any IT systems and ensure security compliance
5. The hospital’s priority is protecting the patient’s right to confidentiality during their medical care. Potential violations could lead to legal or financial consequences.
As healthcare employees, it is each employee’s personal responsibility to protect patients’ information and report potential violations to authority.