The UCLA Health System in Los Angeles will pay a $865,500 fine, known as a "resolution agreement," and implement a three-year corrective action plan to improve its privacy and security protections following a settlement with the Department of Health and Human Services' Office for Civil Rights, which enforces the HIPAA privacy and security rules.

OCR started an investigation after receiving separate complaints in June 2009 from two celebrity patients of unauthorized access to their records. The investigation revealed that from 2005 to 2008 "unauthorized employees repeatedly looked at the electronic protected health information of numerous other UCLAHS patients," according to an OCR statement. The investigation further found that the health system failed to implement sufficient security measures or document appropriate training or sanctions.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access