UCLA Health System Settles HIPAA Privacy and Security Case

Posted on July 8, 2011 by Michael Cassidy

UCLA Health System ("UCLAHS") has agreed to settle potential HIPAA Privacy and Security Rule violations for $865,000 after an investigation by the Department of Health and Human Services Office for Civil Rights ("OCR").  UCLAHS has committed to a corrective action plan for compliance purposes.

“Covered entities are responsible for the actions of their employees. This is why it is vital that trainings and meaningful policies and procedures, including audit trails, become part of the everyday operations of any health care provider,” said OCR Director Georgina Verdugo. “Employees must clearly understand that casual review for personal interest of patients’ protected health information is unacceptable and against the law.”

The corrective action plan requires UCLAHS to implement Privacy and Security policies and procedures approved by OCR, to conduct regular and robust trainings for all UCLAHS employees who use protected health information, to sanction offending employees, and to designate an independent monitor who will assess UCLAHS compliance with the plan over 3 years.

“Covered entities need to realize that HIPAA privacy protections are real and OCR vigorously enforces those protections. Entities will be held accountable for employees who access protected health information to satisfy their own personal curiosity,” said Director Verdugo.

For more information:

http://www.hhs.gov/news/press/2011pres/07/20110707a.html

 

Tags:
Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.medlawblog.com/admin/trackback/253380
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.