Health Information Management

UCLA Health System settles HIPAA violations for $865,500

HIM-HIPAA Insider, July 26, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

HHS entered into its third largest settlement for potential HIPAA privacy and security rule violations reaching a resolution agreement of $865,500 with the University of California at Los Angeles Health System (UCLAHS) earlier this month.

UCLAHS also agreed to a corrective action plan in order to fix “gaps in its compliance” with HIPAA’s privacy and security rules, according to a report on the HHS website.
The Office for Civil Rights (OCR), which enforces HIPAA under HHS, investigated the health system following two separate complaints filed by two celebrity patients. OCR said UCLAHS employees repeatedly and without permissible reason looked at the celebrities’ electronic PHI as well as that of other UCLAHS patients.
 
“Covered entities are responsible for the actions of their employees,” OCR Director Georgina Verdugo said in a press release. “This is why it is vital that trainings and meaningful policies and procedures, including audit trails, become part of the everyday operations of any healthcare provider. Employees must clearly understand that casual review for personal interest of patients’ protected health information is unacceptable and against the law.”

Read more on the HIPAA Update blog. 



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular