UCLA Health System Employee News

Heart Walk 2008

“Priceless” Patient Experience

New Physician Directory Online

UCLA Responds to Metrolink Train Accident

Unconditional Warmth

Hospital Heroes

JCAHO Accreditation

New Environment for Healing

Adopt-a-Family for the Holidays

UCLA Medical Group Ranking

New Legislation about Patient Privacy

UCLA vs. USC Bone Marrow Challenge

Dribble for the Cure

Politics & Realities of Global & Local AIDS

Open Enrollment

Children's Hospital Bond Act

Wellness Initiatives

National Healthcare Quality Week

DOWNLOAD PDF

OCTOBER 2008

INSIDE STORIES

New Legislation Toughens Punishment For Health Facilities, Employees Violating Patient Privacy

Legislative bills recently signed into law by Governor Arnold Schwarzenegger will make it easier for California state officials to assess and enforce fines against health facilities and individuals who violate patient privacy. The new legislation reinforces existing federal and state laws designed to protect patient privacy and confidentiality.

Under Senate Bill 541, health facilities may receive a minimum fine of $25,000 for a single patient privacy breach. When the breach is repeated or involves multiple individuals, the fine may range up to $250,000. Assembly Bill 211 creates a new entity within the California Health and Human Services Agency – the Office of Health Information Integrity – which may impose penalties against individuals up to $250,000 for unlawful access, use or disclosure of patients' medical information. The bill also requires healthcare organizations to prevent privacy breaches within their facilities.

UCLA Health System has established a number of practices to ensure the privacy and confidentiality of patient medical records. The Office of Compliance and Privacy regularly provides online education sessions and distributes security awareness bulletins to the UCLA Health System workforce of more than 17,000 physicians, faculty, clinical and non-clinical employees, volunteers and students. Compliance staff members also visit hospital units and clinics to emphasize privacy practices such as disposing of confidential information safely, securing computer terminals and fax machines and protecting employee passwords. Additionally, UCLA uses information technology to detect potential privacy breaches.

"We conduct daily audits of medical records, and every key stroke is recorded," explains Carole A. Klove, UCLA Health System's chief compliance and privacy officer. "Using the employee's password, we can track exactly which screens are viewed, by whom and for how long. When an employee inappropriately accesses a patient's medical record, it's a violation which will be investigated."