The U.S. Department of Health and Human Services (HHS) this week announced that the University of California at Los Angeles Health Services (UCLAHS) has agreed to pay an $865,000 fine and pledged to tweak its infrastructure after potentially breaking the Health Insurance Portability and Accountability Act (HIPAA).

According to a press release on the HHS site, the settlement stems from two claims that unauthorized employees, without reason, accessed records of celebrities who received care at UCLAHS.

In addition to the $865,000, UCLAHS will have to institute a multi-step plan approved by the Office for Civil Rights, conduct “regular and robust” training for employees who access sensitive information, and appoint an independent employee who will supervise the department’s compliance for three years.

The UCLA incident is the third time this year the HHS has stepped in and issued steep monetary fines to a health care organization. In February the department issued a $4.3 million fine to Maryland-based Cignet following its inability to provide patients with copies of their records. Also in February, Massachusetts General Hospital agreed to pay $1 million to settle HIPAA violations after it was found to have failed to implement safeguards following the loss of customers’ medical data.
