Dealing with Data Breaches
Qualify for a free subscription to HealthLeaders magazine.
In response, the California legislature passed a law that imposed escalating fines on hospitals for patient privacy breaches, and the state fined UCLAHS $95,000 in 2009. One employee was indicted for selling protected health information to the National Enquirer, Feinberg says.
The Office for Civil Rights launched an investigation in 2009 and determined that, from 2005 to 2008, "unauthorized employees repeatedly looked at the electronic protected health information of numerous other UCLAHS patients," according to an OCR press release. OCR announced recently that the UCLA Health System has agreed to settle its investigation into the incident for $865,500 and also to commit to a corrective action plan aimed at remedying gaps in its HIPAA compliance. This plan requires the implementation of privacy and security policies and procedures approved by OCR, "regular and robust" training for all UCLAHS employees who use PHI, sanctioning of offending employees, and an independent monitor who will assess UCLAHS compliance with the plan over three years.
Feinberg readily admits that the UCLAHS culture of several years ago did not include sufficient respect for patient privacy, but he also says that UCLAHS was not that different from other healthcare systems at that time. Respect for patient privacy has improved greatly throughout the healthcare community, partly as a result of privacy breaches that received national attention and resulted in people losing their jobs, he says.
Coming down hard on the employees who violated patient privacy sent a strong message to staff, he says.
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- FDA hopes hospitals will switch to newly regulated pharmacies
- The 5 Biggest Healthcare Finance Trouble Spots
- Not-for-Profit Hospitals Find Opportunity Amid Uncertainty
- Nonprofit Hospital Outlook 'Negative' in 2014
- The Most Polarizing Topics in Healthcare IT
- Are ACOs Really Different from HMOs?
- How CPOE Will Make Healthcare Smarter
- Why You Should Involve Patients in Nursing Handoffs
- Rise of the Chief Strategy Officer