UCLA Health System settles HIPAA suit

Jeff Byers | | Health Exec | Precision Medicine
The University of California at Los Angeles Health System (UCLAHS) has agreed to settle potential violations of HIPAA privacy and security rules for $865,500 following an investigation by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). UCLAHS must also implement a corrective action plan aimed at remedying gaps in its compliance with the rules.

The agreement resolves two separate complaints filed with OCR on behalf of two celebrity patients who received care at UCLAHS, according to a statement from HHS. The complaints alleged that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information of these patients. OCR’s investigation into the complaints revealed that from 2005-2008, unauthorized employees repeatedly looked at the electronic protected health information of numerous other UCLAHS patients.

Entities covered under HIPAA must, through policies and procedures, reasonably restrict access to patient information to employees with a valid reason to view the information, and must sanction any employee who is found to have violated these policies.

According to the HHS, the corrective action plan requires UCLAHS to:
  • Implement privacy and security policies and procedures approved by OCR;
  • Conduct regular and robust trainings for all UCLAHS employees who use protected health information;
  • Sanction offending employees;
  • Designate an independent monitor who will assess UCLAHS compliance with the plan over three years.

The resolution agreement and corrective action plan can be found on the OCR website here.

Jeff Byers

Related Content

Pitching the business case for 3D printing labs in radiology
FDA issues first-ever clearance for OTC oximeter
Augmented reality company secures $15M in funding from Cleveland Clinic, Mayo, GE Healthcare and more
Merck to acquire Prometheus Biosciences for $10.8B
Johnson & Johnson scraps RSV vaccine after trial
Intermountain Health launches new biotech company

Around the web

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business
FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Design by Adaptive Theme
Trimed Popup
Trimed Popup