Dealing with Data Breaches

Greg Freeman for HealthLeaders Media , January 23, 2012
Are you a health leader?
Qualify for a free subscription to HealthLeaders magazine.

In response, the California legislature passed a law that imposed escalating fines on hospitals for patient privacy breaches, and the state fined UCLAHS $95,000 in 2009. One employee was indicted for selling protected health information to the National Enquirer, Feinberg says.

The Office for Civil Rights  launched an investigation in 2009 and determined that, from 2005 to 2008, "unauthorized employees repeatedly looked at the electronic protected health information of numerous other UCLAHS patients," according to an OCR press release. OCR announced recently that the UCLA Health System has agreed to settle its investigation into the incident for $865,500 and also to commit to a corrective action plan aimed at remedying gaps in its HIPAA compliance. This plan requires the implementation of privacy and security policies and procedures approved by OCR, "regular and robust" training for all UCLAHS employees who use PHI, sanctioning of offending employees, and an independent monitor who will assess UCLAHS compliance with the plan over three years.

Feinberg readily admits that the UCLAHS culture of several years ago did not include sufficient respect for patient privacy, but he also says that UCLAHS was not that different from other healthcare systems at that time. Respect for patient privacy has improved greatly throughout the healthcare community, partly as a result of privacy breaches that received national attention and resulted in people losing their jobs, he says.

Coming down hard on the employees who violated patient privacy sent a strong message to staff, he says.

1 | 2 | 3 | 4 | 5

Comments are moderated. Please be patient.

1 comments on "Dealing with Data Breaches"

Stephen Dailey (1/18/2012 at 12:16 PM)
David: One component of Data Breeches that you did not comment upon is those breaches that do not occur at the provider faciilty and staff level. As a consultant for the Blue Cross and Blue Shield Association in 1994 and 1995 it was routine to access and use Hillary Clinton's Health Insurance Records to introduce staff to the National Accounts Claim System. I recall what I was shown in her insurance claims but will not share it. I was horrified. If health professionals have difficulty keeping their mouths shut and maintaining confidentiality, imagine the mountain 3rd party insurance payors must climb with simple claims examiners looking at records. Sure there are by now changes in policy in place but just imagine. Stephen Giles Dailey, FACHE 3729 Rhetts Landing Belleville, IL 62221




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2015 a division of BLR All rights reserved.