CONFIDENTIALITY: UCLA AND CELEBRITY RECORDS

EDWARD STANFORD MD

MHA 690

PROF DAVID COLE

OCT 2, 2014

LA Times reported (2008)

“For decades, tabloids have made a cottage

industry of star ailments”

Examples:

-Dean Martin’s declining health

-Rock Hudson’s AIDS diagnosis

-Bob Hope’s final years in and out of hospitals

-Brittany Spears, Farrah Fawcett, drug overdose of Dennis Quaid’s twins, Patrick Swayze near death

Blankenstein, A (2008)

Serious breech of doctor-patient confidentiality127 UCLA Medical Center employees were fired, suspended, and warned for viewing Social Security numbers, health insurance information, and addresses from April 2003-May 2007. Lawanda Jackson, 50, pleads guilty to felony charges of violating federal medical privacy law for commercial purposes but dies prematurely (LA Times, 2009)

California Department of Public Health cites prior occurrences (Law, 2009).

Laws violated:

Health Insurance Portability Accountability Act (the “Privacy Rule”)

Confidentiality of Medical Information Act (California Civil Code -56 et seq)

Lanterman-Petris-Short Act (California Welfare & Institutions Code – 5000 et seq)

State information Practices Act (California Civil Code sections 1798 et seq)

UCLA Mission and Vision“Our mission is to deliver leading-edge patient care, research, and education”

“Our vision is to heal humankind, one patient at a time, by improving health, alleviating suffering and delivering acts of kindness” (UCLAhealth.org. 2014)

“UCLA Health System has stringent policies familiar to all employees to protect patient confidentiality. All staff and faculty members, contractors, volunteers and other workers are required to sign confidentiality agreements as a condition of their employment and they complete extensive training on federal Health Insurance Portability and Accountability Act – related privacy and security issues” (UCLA newsroom, 2008)

LESSONS LEARNED- Must restrict access to only those who MUST have patient information access

- Must implement way to keep track of who accesses/accessed an individual’s information

- Covered entities are responsible for the actions of their employees

UCLA paid over $860,000 in fines

(abouthipaa.com, 2011)

STAFF TRAINING OUTLINEAll staff (physicians, nurses, ancillary staff) with access to patient information – MANDATORY

What is HIPAA – terms and concepts

What is health information

What is protected health information

What is electronic protected health information

Conducting a fair investigation

Zero tolerance for HIPAA patient privacy violations

Business partners must sign confidentiality agreements

Fines imposed for HIPAA violations

HIPAAThe HIPAA privacy provision took effect on April 14, 2003. Key privacy provisions include the following:

•Patients must be able to access their record and request correction of errors.

•Patients must be informed of how their personal information will be used.

•Patient information cannot be used for marketing purposes without the explicit consent of the involved patients.

•Patients can ask their health insurers and providers to take reasonable steps to ensure that their communications with the patient are confidential. For instance, a patient can ask to be called at his or her work number, instead of home or cell phone number.

•Patients can file formal privacy-related complaints to the US Department of Health and Human Services Office for Civil Rights.

•Health insurers or providers must document their privacy procedures, but they have discretion on what to include in their privacy procedure.

•Health insurers or providers must designate a privacy officer and train their employees.

•Providers may use patient information without patient consent for the purposes of providing treatment, obtaining payment for services, and performing the non-treatment operational tasks of the provider’s business.

Pozgar, 2012, p 295

STAFF TRAINING

What is HIPAA HIPAAHealth Insurance Portability and Accountability

Act 1996

Title I Title II Title III Title IV Title V

Insurance Portability

Tax RelatedHealth Provision

RevenueOffsets

Fraud and AbuseMedical LiabilityReform

AdministrativeSimplification

Group HealthPlan Requirements

Individually Identifiable health Information

Health Information – any that is created or received by a health care provider, health plan, employer, or health care clearinghouse (HIPAA, 1996)

Can involve – past, present, future physical or mental health or condition of an individual, provision of health care, and payments for the provision of health care (45 CFR 160.103, DHHS, 2009)

Protected Health Information (PHI)Examples:

Medical records

Billing records

Any record containing sufficient

information to identify

the individual (DHHS, 2009).

HealthInformation

Individually Identifiable HealthInformation

Protected HealthInformation

Adapted fromHHShipaasagtraining.com, 2009

Electronic Protected Health Information (ePHI)

Any protected health information that is maintained in or transmitted in electronic media

CONCLUSIONSAll medical providers who have any access to a patient’s medical information should understand HIPAA

All medical providers should receive MANDATORY training and understand a zero tolerance for violations

Only individuals who MUST have access to PHI should be allowed access

Employers are responsible for the actions of their employees

REFERENCESAboutHIPAA (2011). Specific lessions from HIPAA privacy and security case at UCLA health system. Accessed from www.abouthipaa.comOct 1, 2014

Blankenstein, A Eyes on celebrity records multiply. May 20, 2008 Accessed from www.latimes.com. Oct 1, 2014.

DHHS (2009). Accessed from www.DHHS.org. Oct 1 2014.

HHShipaasagtraining (2009). Accessed from www.hhshipaasagtraining.com Oct 1, 2104.

HIPAA (1996). Accessed from www.gov.org. Oct 1, 2014.

LA Times (2009). Ex-hospital worker convicted in patient record leaks dies. Accessed from www.articles.latimes.com. Oct 1 2014.

Law, M. (2009). The celebrity California UCLA medical center scandal: Snooping on Celeb Records. Accessed from www.uslaw.com. Oct 1, 2014

Pozgar, G. D. (2012) Legal Aspects of Health Care Administration, 11th Edition. Jones & Bartlett Publishers.

UCLA (2014). Accessed from www.uclahealth.org. Oct 1, 2014.

UCLA Newsroom (2008). ULCA Health system statement on patient confidentiality. Accessed from www.newsroom.ucla.edu. Oct 1, 2014.