The University of California, Los Angeles (UCLA) Health System has agreed to pay a fine of $865,500 to settle potential HIPAA violations, the U.S. Department of Health and Human Services (HHS) announced earlier this week.
The UCLA Health System has also committed to a corrective action plan. This will require the healthcare enterprise to implement privacy and security policies and procedures approved by the HHS Office for Civil Rights. The plan also requires the system to conduct training programs for all employees who use protected health information, sanction offending employees, and designate an independent monitor who will assess compliance with the plan over a three-year period.
The resolution agreement resolves two separate complaints filed with the Office for Civil Rights on behalf of two celebrity patients who received care at the health system. The complaints alleged that UCLA Health System employees repeatedly and inappropriately accessed the electronic medical records (EMRs) of these patients.
The ensuing federal investigation into these complaints revealed that unauthorized employees repeatedly looked at the EMRs of numerous other patients.
