More than 120 UCLA hospital workers inappropriately accessed celebrity and patient medical records between 2003-2007, violating patient privacy and confidentiality. One employee viewed over 900 patient records without authorization. Two employees were fired and faced criminal charges for viewing celebrity and 60 other patient records. The hospital updated its computer system and security training to block display of full social security numbers following this breach. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 provides federal protections for personal health information and addresses security and privacy of health data. HIPAA training must teach employees how to protect protected health information at individual and organizational levels. All employees dealing with health information should sign confidentiality agreements.