The UCLA Medical Center has been in the spotlight lately for its recent issues with patient privacy, and a fourth report on the issue recently revealed new information.
The California Department of Health Services report revealed that 13 additional people, ranging from physicians to a volunteer, have been identified as accessing Britney Spears’ health records without proper authorization.
Spears had an alias while in the hospital, but after her stay there the alias was abandoned so that all of her medical information would remain together, according to the department’s report.
Spears’ name and the names of the other patients and employees were not used in the report, but the Los Angeles Times said the identities had been verified in its coverage of the findings.
“This is the fourth report we have released about breaches at UCLA Health System, which includes several facilities,” said Suanne Buggy, a spokeswoman for the California Department of Public Health.
The report was spurred by the inappropriate access of Farrah Fawcett’s medical records between July 1, 2006 and May 21, 2007.
The additional 13 people were discovered when the department requested that the 61 records that had been inappropriately accessed by Lawanda Jackson, previously an administrative specialist, be checked for further privacy breaches. The records accessed were those of well-known individuals, celebrities and other hospital employees.
The report shows that in 2004 Jackson looked at a fellow employee’s file without proper authorization or reason. She received “written counseling” for the privacy breach.
Dale Tate, a spokeswoman for the UCLA Medical Center, confirmed that employees are required to sign a written confidentiality agreement and complete patient privacy training online.
According to the report, one of these 13 employees had claimed in a previous hospital investigation to have given her user identification and password to Jackson, who used it to access the files.
It was confirmed that the 46 files that were inappropriately accessed with her user identification and password were performed at Jackson’s work station.
This employee has been disciplined, Tate said in a statement to the Times.
The report also stated that UCLA Medical Center did not appropriately report the privacy breaches to the Department of Health Services.
UCLA Medical Center must issue a plan of correction to the department within 10 working days after the department’s report was issued, Buggy said.
The department will then work with the medical center to finalize the corrections, she said.
One correction includes the formation of a panel that will go over and improve guidelines for access to medical records and audit medical record views, said Chancellor Gene Block in a letter to the University of California president. A consulting firm has also been enlisted to make recommendations for corrections.
Other improvements detailed in Block’s letter include performing audits at the request of patients and upgrading to a system that further restricts access and requires a reason for this access.