Privacy Compliance & Data Security Information on Data Breach Prevention and the Appropriate Response

UCLA Health System Hospitals To Pay $865,000 For Privacy Breaches

Posted in Data Protection Law Compliance
From 2005 through 2009, UCLA Health System Hospitals ("UCLA") received complaints that its employees had viewed celebrities’ medical records without authorization.  After an investigation, federal health regulators determined that UCLA employees reviewed patients’ electronic medical records "repeatedly and without a permissible reason."  Federal health regulators found that UCLA failed to remedy the problem and discipline or retrain its staff.  Ultimately, UCLA entered into a settlement agreement with federal health regulators.  Under the settlement agreement, UCLA must pay a fine of $865,000.  The settlement agreement further requires UCLA to: (1) submit a plan to federal regulators outlining how it plans to prevent future privacy breaches; (2) retrain its staff about privacy protections; (3) institute privacy policies; (4) appoint a representative to oversee its privacy improvements; and (5) report to federal regulators for the next three years.