(AP) — Years after hospital employees were accused of snooping into the medical records of celebrity patients, the UCLA Health System has agreed to pay an $865,000 settlement for potential violations of federal privacy laws. The settlement that UCLA reached with federal regulators did not name the stars involved and did not require the hospital system to admit liability. The investigation by the U.S. Department of Health and Human Services revealed that workers repeatedly accessed patients' electronic health records between 2005 and 2008.
The hospitals have agreed to report to a federal monitor on the implementation of its corrective plan over the next three years. In a statement Thursday, UCLA said it has taken steps over the past three years to re-train staff and strengthen its computer systems. UCLA Hospital System CEO Dr. David T. Feinberg said the university's facilities will "remain vigilant and proactive to ensure that our patients' rights continue to be protected at all times."
In 2008, California Department of Public Health officials announced results of their own investigation into the privacy breaches and found that UCLA hospital workers inappropriately accessed records of 1,041 patients since 2003. The hospital later disciplined 165 employees through firings, suspensions and warnings. At least two former UCLA employees have faced criminal charges for medical privacy violations. Former administrative specialist Lawanda Jackson, 50, pleaded guilty to selling information to the National Enquirer from the files of Britney Spears, Farrah Fawcett and other high-profile celebrities. She died from complications of breast cancer before she could be sentenced.
Former medical school researcher Huping Zhou was sentenced to four months in federal prison and fined $2,000 for reading the confidential medical files of co-workers and celebrities such as Drew Barrymore, Arnold Schwarzenegger and Tom Hanks. Zhou was not accused of selling the information and claimed that, as a Chinese national, he didn't know it was a violation of U.S. law to peep into the files. The headline-grabbing breaches led California legislators to pass a bill boosting the maximum fine for privacy breaches at health facilities from $25,000 to $250,000.