University of California-Los Angeles' Resnick Neuropsychiatric Hospital officials on Monday said the hospital has banned all cell phones and laptop computers after a patient posted photographs of other patients on a social networking Web site, the Los Angeles Times reports.
Thomas Strouse, medical director of the hospital, called the policy change part of "UCLA Health System's ongoing efforts to enhance patient privacy and confidentiality in compliance with California's patient rights law."
UCLA spokesperson Dale Tate said the hospital was notified of the posted photos from a nurse's family member. She added that the patients had given consent to be photographed.
In related news, UCLA plans to fire at least 13 employees and has suspended six others for inappropriately accessing the electronic health record of pop star Britney Spears while she was a patient in the neuropsychiatric hospital. In addition, six more employees are being disciplined (Ornstein, Los Angeles Times, 3/18).
State and federal laws governing medical privacy allow for fines of up to $250,000, but such penalties are rare. In addition, separate laws allow for additional fines if patients are receiving treatment for mental illness or substance abuse.
On Friday, the California Department of Public Health announced it had opened an investigation of the hospital (Ornstein, Los Angeles Times, 3/15).
Deborah Peel, founder of Patient Privacy Rights, said the breach is not unusual, Healthcare IT News reports.
Last year, Palisades Medical Center in New Jersey suspended more than two dozen employees without pay for accessing actor George Clooney's medical record when he was admitted for a motorcycle injury. In addition, several UCLA employees were fired in 2005 after snooping into Spears' medical records when she gave birth.
"Hospitals have very, very poor access control. But we do have the technology available to fix this," Peel said. She added that "smart technologies," such as role-based access control, and independent consent management tools could be used to better control access to patients' health records (Merrill, Healthcare IT News, 3/17).