Jun 24, 2008 Issue | Updated Jul 2 4:06pm 
Apr 14, 2008 2:34 PM
State cites health system for breaches; UCLA takes steps to safeguard patient privacy
The California Department of Public Health cited the UCLA Health System April 11 for breaches of patient privacy that have been the subject of recent media reports.
In a letter to UC President Robert C. Dynes, Chancellor Gene Block expressed UCLA's regret over the incidents and outlined a series of steps being taken by UCLA Health Systems to help prevent such occurrences and to identify and punish individuals who violate that trust.
David Feinberg, CEO and interim associate vice chancellor of UCLA Hospital, said, "We will address the Department of Public Health's findings in a swift, disciplined and effective manner, one that helps ensure all our patients understand our unshakable commitment to the privacy of their care at UCLA."
Two confirmed incidents have recently been reported in the press. The first, which occurred May, 2007, took place when an employee looked at 61 patient records. This employee subsequently resigned while the campus was in the process of terminating her employment, Block explained. UCLA is notifying all those patients — celebrities and public officials among them — of the breach.
The second records breach — involving a high-profile celebrity — occurred last February. "The campus terminated or suspended several employees, who were identified in part through improved auditing capabilities put in place following the May incident," Block said in his letter. At the time the celebrity was being admitted, all hospital employees had received a stern warning about the possible consequences for inappropriate access to records. While the campus did not report these breaches to the State Department of Public Health, Block said UCLA's policy is to do so from now on.
Several initiatives have been launched to examine and improve UCLA’s systems and practices to safeguard patient privacy. To review and strengthen UCLA's guidelines on access to medical records, a high-level panel of hospital system and campus executives has been appointed.
In addition, there are several information technology initiatives underway to provide greater patient protection. And an audit of UCLA's information security policies and procedures in order to define best practice has been commissioned by the campus and is being performed by an outside consulting firm.
Block is also requesting that deans and vice chancellors campuswide conduct a thorough review of the practices in place throughout various departments and divisions that are designed to prevent and identify inappropriate employee access to information.
1