More tied to UCLA snooping
California health regulators have connected 14 more people affiliated with UCLA Medical Center, including four physicians, to the improper viewing of celebrity medical records, bringing the number of current and former workers apparently implicated in the snooping scandal to 68.
The additional violations came to light in a report by the California Department of Public Health, which was sent to the hospital Friday. The findings are the latest to stem from reports in The Times about UCLA employees’ prying into records of celebrities and co-workers. The regulators faulted UCLA for failure to maintain patient confidentiality and report the breaches to regulators.
The key findings relate to the activities of Lawanda J. Jackson, a longtime administrative specialist who allegedly pried into the medical records of 61 patients, including celebrities and co-workers.
According to the new report, Jackson reviewed the records of actress Farrah Fawcett on 104 days between July 1, 2006, and May 21, 2007. She also looked at the records of pop star Britney Spears, whose medical files have been viewed inappropriately by dozens of other UCLA workers, according to the report and interviews. (Jackson is not mentioned by name in the records, nor are the celebrities involved, but The Times has confirmed their identities.)
Jackson, 49, was indicted by a federal grand jury last month for allegedly selling information to the news media from medical records of celebrity patients. If convicted, she faces up to 10 years in prison.
Jackson had been in trouble before for snooping at UCLA, according to the new state report. Regulators found that Jackson had received “written counseling” in 2005 for improperly accessing the medical records of a co-worker.
She remained on the job until Fawcett complained to her UCLA doctor about a suspected breach, shortly after the National Enquirer reported last May that the actress’ cancer was back. Fawcett had not yet told her son or closest friends about the recurrence.
Jackson resigned in July from UCLA after the hospital said it intended to fire her for “serious misconduct” in violation of federal patient privacy laws.
In an interview in April, Jackson told The Times that she did not leak information to the tabloids and that she was just “being nosy.”
The state report suggested that Jackson might have tried to hide the extent of her snooping. One of her co-workers recently acknowledged that she twice gave Jackson her password and user information, according to inspectors. The review found that the employee’s user ID was accessed from Jackson’s computer to look at 46 records.
State inspectors found that 13 other people affiliated with UCLA apparently snooped on Spears’ records between July 2006 and May 2007. That is in addition to 53 staffers identified in three previous state reports who looked at Spears’ records on other occasions. The 13 included three physicians, a physician trainee, three registered nurses, two outside contractors, a volunteer and three support staff.
Each of the employees had signed a confidentiality agreement after being hired promising to access patient information “only in the performance of assigned duties and where required or permitted by law,” the state said.
UCLA apparently did not determine the extent of the inappropriate prying until prodded recently by the state. Last month, inspectors from the health department asked a hospital official whether anyone else had inappropriately looked at the records reviewed by Jackson, and the official said, “As far as I know, no one else.”
Prompted by a state request to dig further, however, UCLA found the remaining 14 people, including Jackson’s co-worker.
Kathleen Billingsley, director for the state health department’s Center for Healthcare Quality, would not say what the state’s next steps would be, other than to work with UCLA to fix the problems. State officials have previously said that they were reviewing whether they could levy sanctions against UCLA or if additional penalties would be needed through legislation.
“We believe that this sends a clear message to the healthcare community that the confidentiality of patient medical records must be protected,” Billingsley said.
UCLA officials have said that they take the breaches seriously. The employee who gave Jackson her user ID and password has been disciplined, hospital spokeswoman Dale Tate said. Of the 13 who looked at Spears’ records, seven are no longer affiliated with UCLA, and the other six are being reviewed.
“Because these reviews are ongoing, we cannot provide additional information on the specifics of the investigation and the disciplinary actions, if any,” the hospital said in a statement.
UCLA officials have appointed a high-level committee to review privacy policies and have pledged to retrain staff and improve computer systems to increase security.
Fawcett has not commented publicly about the breaches, but in a letter sent April 30 to U.S. Atty. Thomas P. O’Brien, Fawcett asked that his office expand the scope of its criminal investigation beyond Jackson to include tabloid journalists.
“It is my personal belief that what Lawanda Jackson is most guilty of is being a pawn,” Fawcett wrote. “She worked in a hospital system that did not provide strong enough deterrents to stop their employees from breaching their patient’s medical records -- which made it all the easier for the tabloids to financially induce . . . her to invade my privacy as well as the privacy of others.”