Over 120 UCLA hospital staff inappropriately accessed the private medical records of celebrities between 2004 and 2006, violating patient privacy protocols. One employee in particular viewed the records of about 900 patients without authorization from 2003 to 2007. The hospital has since updated computer systems to better protect sensitive information like social security numbers and is retraining all staff on privacy, security, and HIPAA compliance. As a manager, it is important to continually educate staff on confidentiality policies and legal obligations through ongoing training programs to prevent future violations of patient privacy.

2. Confidentiality
Reading the Report: Over 120 UCLA Hospital Staff Saw Celebrity
Health Records article
 What training could you as a manager put into place to avoid this
situation?
 How can this training on confidentiality be effective for the
employees?

3. REPORT: OVER 120 UCLA HOSPITAL STAFF SAW CELEBRITY
HEALTH RECORDS
LOS ANGELES – More than 120 workers at a Los Angeles hospital looked
at celebrities' medical records and other personal information without
permission between January 2004 and June 2006 — nearly double the
number initially reported earlier this year, according to a state report. The
report, released Monday by the California Department of Public Health, also
said three staffers at the UCLA Medical Center continued to look at the
confidential records of a "well-known individual" after a crackdown of
record-peeking in April. The state report didn't release the name of that
celebrity. State regulators blame the hospital for not taking adequate steps to
maintain patient confidentiality. "What's startling to us is, as we get to a
point where we feel we've addressed a specific complaint and a specific
issue, we identify additional issues," said Kathleen Billingsley, director of
the health department's Center for Healthcare Quality. "It's very disturbing
to see this. State public health officials have released five reports since the
Los Angeles Times first reported UCLA employees pried into the medical
records of prominent patients, including Britney Spears, Farrah Fawcett and
California first lady Maria Shriver. The latest report said 127 workers
peeked into celebrities' medical records without permission, leading to
several firings, suspensions and warnings..
The latest report said 127 workers peeked into celebrities' medical records
without permission, leading to several firings, suspensions and warnings.
The report also detailed the case of one employee who looked at the records
of about 900 patients "without any legitimate reason" and viewed Social
Security numbers, health insurance information and addresses, from April
2003 to May 2007.Previous state reports had said the woman, Lawanda
Jackson, viewed about 60 patient records. The former administrative
specialist faces federal criminal charges for violating Fawcett's privacy. The
report said Jackson used her supervisor's password to view the records,
which officials determined by examining her workstation. After the April
violations, one nurse was fired and the two other employees received
warnings, the report said Hospital officials said computer systems have been
updated to block complete Social Security numbers and that staff is being
trained on privacy and security. The hospital also said it has notified all
patients whose privacy was breached by Jackson. "We have no excuses,"
said Dr. David Feinberg, chief executive of the UCLA Health System, in a
statement. "UCLA should have detected the violations by Ms. Jackson years
ago and should have immediately initiated the process to dismiss her.“
Feinberg said the medical center continues to investigate and all employees
found to have breached patient confidentiality were disciplined or fired.

4. CONFIDENTIALITY
“A SUBSTANTIVE RULE IN BIOETHICS SAYING THAT THE INFORMATION A PATIENT REVEALS TO A
HEALTH CARE PROVIDER IS PRIVATE AND HAS LIMITS ON HOW AND WHEN IT CAN BE DISCLOSED TO
A THIRD PARTY; USUALLY THE PROVIDER MUST OBTAIN PERMISSION FROM THE PATIENT TO MAKE
SUCH A DISCLOSURE.
PATIENT PRIVACY
AN IMPLIED AGREEMENT BETWEEN A PHYSICIAN AND A PATIENT THAT ALL INFORMATION RELATED
BY THE PATIENT IS TO BE HELD IN THE STRICTEST OF CONFIDENCE, UNLESS IT IS ILLEGAL AND/OR
DANGEROUS TO SOCIETY.” (CONFIDENTIALITY)

5. HIPPA
“HIPAA: Acronym that stands for the Health Insurance Portability
and Accountability Act, a US law designed to provide privacy
standards to protect patients' medical records and other health
information provided to health plans, doctors, hospitals and other
health care providers. Developed by the Department of Health and
Human Services, these new standards provide patients with access to
their medical records and more control over how their personal health
information is used and disclosed. They represent a uniform, federal
floor of privacy protections for consumers across the country. State
laws providing additional protections to consumers are not affected
by this new rule. HIPAA took effect on April 14, 2003.” (Definition
of HIPAA)

6. PROTOCOL WAS VIOLATED,
SECURITY AND
CONFIDENTIALITY WERE
BREECHED AND HIPPA WAS
VIOLATED WHEN:
• 127 workers peeked into
celebrities' medical records without
permission
• one employee who looked at the
records of about 900 patients
"without any legitimate reason"
• and viewed Social Security
numbers, health insurance
information and addresses,

7. HOSPITAL OFFICIALS SAID COMPUTER SYSTEMS HAVE BEEN
UPDATED TO BLOCK COMPLETE SOCIAL SECURITY NUMBERS AND
THAT STAFF IS BEING TRAINED ON PRIVACY AND SECURITY. THE
HOSPITAL ALSO SAID IT HAS NOTIFIED ALL PATIENTS WHOSE
PRIVACY WAS BREACHED BY JACKSON.

8. TRAINING AND RETRAINING
• Protocol Procedures/Reporting
• HIPPA Violations
• Breeching Confidentiality

9. BE EDUCATED AND CONTINUALLY INFORMED
ENSURING STAFF MEMBERS DO NOT VIOLATE PROTOCOL, CONFIDENTIALITY
OR HIPPA REQUIRES EDUCATING EVERYONE ON ALL REGULATIONS AND
KEEPING EVERYONE UPDATED ON ANY NEW INFORMATION REGARDING THESE
REGULATIONS. IN ADDITION EVERYONE SHOULD BE ADVISED OF THE
PENALTIES INVOLVED.

10. ENABLE ENCRYPTIONS AND FIREWALLS

11. THIS TRAINING ON CONFIDENTIALITY WILL BE EFFECTIVE FOR
THE EMPLOYEES TO PREPARE THEM FOR PROTOCOL
PROCEDURES/REPORTING, HIPPA VIOLATIONS, AND
CONFIDENTIALITY. IN ADDITION THIS TRAINING WILL REDUCE
THE RISK OF VIOLATIONS BY TEACHING THE STAFF PROPER
BEHAVIOR AND MAINTAINING A HIGH LEVEL OF AWARENESS.

12. References
Confidentiality. (n.d.). Retrieved August 08, 2016, from
http://medicaldictionary.thefreedictionary.com/confidential
Definition of HIPAA. (n.d.). Retrieved August 08, 2016, from
http://www.medicinenet.com/script/main/art.asp?articleke
Fox News. (2008). Report Over 120 UCLA hospital staff saw
celebrity health records. Retrieved from
http://www.foxnews.com/story/0,2933,398784,00.html
Shutterstock. (n.d.). Retrieved August 08, 2016, from
http://www.shutterstock.com/pic-197017403/stock-
Wolper, L.F. (2011). Health care administration: Managing
organized delivery systems (5th ed.). Boston: Jones and
Bartlett.