"It was clear that we were going to use this incident as an opportunity to become a leader in patient privacy," Feinberg says. "Not only did we do some technological fixes, but more importantly, we made a statement to ourselves internally that this would not be tolerated, and we cleaned house. We get the same kind of celebrities now, and nobody looks."
UCLAHS implemented a number of technological improvements, including the active monitoring of about 700 cases considered at risk for inappropriate access, so that all access is reported to network administrators and upper management. Anytime one of those records is opened, the user is asked to document specifically why. Those tech solutions are important, Feinberg says, but the culture change was by far the most important improvement.
The staff at UCLAHS is 85% unionized, and Feinberg says the union has been extremely supportive about the culture change and the punishment meted out for infractions. Feinberg also leveled the playing field so that if a physician acts inappropriately with records, the course of investigation and punishment is as equal as possible when compared to a staff member.
The culture at UCLAHS today is totally different regarding patient privacy, Feinberg says. Employees and physicians now have high respect for the privacy of records and routinely self-report possible violations—almost always minor, inadvertent transgressions—and they monitor each other closely. If an employee walks away from a computer monitor and leaves a patient record on the screen, others are likely to call the person on that error and suggest closing the document, Feinberg says, even though the computer will automatically log off after a short time.
Everyone is on high alert for privacy violations now, and looking over someone's shoulder at a computer screen is likely to result in a polite rebuke, the CEO says.