State health regulators have fined Ronald Reagan UCLA Medical Center $95,000 for allowing unauthorized employees to view a patient's medical records, a breach that sources indicated targeted the files of Michael Jackson.

The fine, one of six privacy-related penalties state officials announced Thursday, stems from multiple violations that led to the firing of two hospital employees. Two hospital contract workers were also fired for accessing the same patient's information, UCLA officials said.

The state identified the person whose files were breached only as "a deceased patient." A source close to Jackson's case said his legal team had previously been informed by UCLA officials that the singer''s medical files had been improperly accessed after his unexpected death June 25 last year at the age of 50. Several attorneys who work for Jackson's estate and his family members did not immediately return calls.

UCLA officials said the breaches resulting in the fine are the only recent instances of privacy violations. The prestigious hospital has struggled to protect the privacy of its celebrity patients, including Britney Spears, Farrah Fawcett and California First Lady Maria Shriver, violations that led to the 2008 state law used to fine the hospital in the most recent case.

Jackson was pronounced dead at the Westwood hospital after being taken by ambulance from his rented Holmby Hills mansion. According to the state report, the breaches began June 30 of last year, five days after Jackson was killed by a combination of surgical anesthetic and other medication allegedly administered to him by his private doctor.

Hospital officials notified the patient's family as soon as the breaches were discovered, said UCLA spokeswoman Dale Tate. She said the internal investigation found that no information had been sold.

"There wasn't anything they saw that was worth selling," Tate said. "We have systems in place that put up barriers. You're not authorized to look at certain things. You can only go so far."

Officials at the state's Office of Health Information Integrity were still investigating the employees' actions this week, spokesman Scott Murray said. The employees could potentially face criminal charges and financial penalties, he said.

California Department of Public Health officials declined to identify the UCLA patient or whether the person was well-known. Kathleen Billingsley, deputy director of the department's Center for Health Care Quality, said she does not view celebrities any differently from other patients when it comes to medical privacy.

"Medical privacy is a fundamental right," Billingsley said. "Every Californian treated at a hospital should not have to worry about who is viewing their medical information."

By Molly Hennessy-Fiske
Los Angeles Times
June 11, 2010

Anthem Blue Cross has alerted an estimated 230,000 applicants for coverage that their personal medical records and Social Security numbers may have been wrongfully accessed in a data breach.

The company, a wholly owned subsidiary of WellPoint Inc., said in a statement the breach was linked to a systems upgrade completed last October. The insurer stated that a third-party security vendor certified that all proper privacy safeguards were in place. In fact, they weren't, Anthem claimed.

The snafu allowed "a small number of individuals" to manipulate Anthem's applicant web page "for a relatively short period of time" and gain "unauthorized access to certain private information." Efforts to reach various Anthem officials for further details were not immediately successful.

The "vast majority" of the unauthorized accesses "occurred at the hands of certain attorneys...to support a class action against Anthem" concerning the breach, the statement said.

The pool of affected applicants - comprised of persons under 65 who were applying for individual policies - will be offered identity protection services for one year at no cost, Anthem stated.

Anthem's breach is the latest in a series of insurance-related security lapses that have exposed private information and medical records to potential jeopardy. Last October, someone stole 57 audio and video discs from a customer service storage area in Chattanooga controlled by BlueCross BlueShield of Tennessee. According to the American Medical Association, authorities estimate as many as one million individuals' records may have been compromised in the theft (BestWire, Jan 14, 2010).

Then in January, AvMed, a Florida-based nonprofit health maintenance organization and commercial insurer, disclosed on its website that two laptops with some 200,000 personal records, including names, addresses, Social Security numbers and health information, had vanished in December 2009 from its Gainesville home office.

Anthem Blue Cross is the trade name of Blue Cross of California. Its parent, WellPoint, an Indiana-domiciled company, is one of the largest U.S. health benefits company serving over 33 million members, according to A.M. Best's BestLink, which provides online access to A.M. Best's Global Insurance & Banking Database.

Anthem Blue Cross Life and Health Insurance Co. currently has a Best's Financial Strength Rating of A (Excellent).

Shares of WellPoint (NYSE:WLP) closed at $50.86 on June 28, down 1.72% from their previous close.

By Dennis Gorski
Managing Editor
Best's Review Magazine - Insurance News
June 28, 2010

Florida's attorney general is telling customers of AvMed Health Plans to monitor their credit statements after two laptops containing around 1.2 million members' records were stolen at the insurer's Gainesville, Fla., headquarters in December.

Included in the stolen files are former and current subscribers' Social Security numbers and other personal information, according to a news release from Florida Attorney General Bill McCollum's office. A forensic assessment provided by AvMed found that the risk of the stolen information being further disseminated is low, the release stated.

AvMed is notifying all of its members of the breach and is providing free credit monitoring for two years. AvMed covers some Florida state workers. The vast majority-1.19 million-of the affected beneficiaries are Florida residents.

By Rebecca Vesely
HITS Staff Writer
June 4, 2010

The HIPAA Flash is an opt-in HIPAA newsletter presented by BridgeFront. The content is for informational purposes only. Nothing herein constitutes legal advice - if you need legal advice, please consult a competent attorney.

BridgeFront is your best resource for compliance workbooks, online training, disclosure tracking systems, network scanning tools, backup facilities, certifications, consulting ... HIPAA from A to Z. For the most complete suite of HIPAA compliance products and services available, visit www.BridgeFront.com.

BridgeFront also offers training in OSHA, JCAHO, Nurse CE, Long Term Care, Revenue Cycle Management and much more. For more information, contact us by calling 866-447-2211 or send an email to info@bridgefront.com.