Media around the globe reported that Spears was involuntarily hospitalized from Jan. 31 through Feb. 6, so psychiatric staff could determine whether she was a danger to herself or others. During her hospitalization, gossip outlets and traditional news media also reported on her interactions with staff and visitors during her stay.
Now, the Los Angeles Times reports that 25 staff members, including six physicians, could be disciplined for accessing the pop star's records without authorization.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for securing and protecting patient health information. Hospitals have strict policies against disclosure, with some exceptions for insurance payment and law enforcement investigations. Many health providers refuse to verify that they have treated a particular patient.
UCLA's medical center said it immediately launches investigations into possible confidentiality breaches, but it could not comment on reports that 13 employees could be fired for viewing Spears' medical records. The statement named Spears and said it was the medical center's only response to reports that its staff would be fired over access to the star's records. "UCLA Health System considers patient confidentiality a critical part of our mission of teaching, research, and patient care," UCLA explained in the statement. "All staff members are required to sign confidentiality agreements as a condition of their employment and complete extensive training on HIPAA-related privacy and security issues. We have stringent policies to protect patient confidentiality and address violations of those policies. When possible confidentiality breaches arise, UCLA immediately launches an investigation and appropriate disciplinary action would then be initiated. Due to the confidential nature of both patient and personnel issues, no further information is available."
According to the Times, which cited an unnamed source familiar with the situation, 13 employees could be fired and six could be suspended, while another six physicians could be disciplined for accessing Spears' medical records.
Despite concerns that electronic health records could threaten patient privacy, statements from the hospital's compliance and privacy chief indicate that computerized records could help pinpoint culprits.
Carole Klove, chief compliance officer, told the Times that employee passwords allow the hospital to monitor employees' computer activity, including what the employee viewed and for how long.