By Charles Ornstein
Los Angeles Times Staff Writer
May 12, 2008
California health regulators have connected 14 more people affiliated
with UCLA Medical Center, including four physicians, to the improper
viewing of celebrity medical records, bringing the number of current and
former workers apparently implicated in the snooping scandal to 68.
The additional violations came to light in a report by the California
Department of Public Health, which was sent to the hospital Friday. The
findings are the latest to stem from reports in The Times about UCLA
employees' prying into records of celebrities and co-workers. The
regulators faulted UCLA for failure to maintain patient confidentiality
and report the breaches to regulators.
The key findings relate to the activities of Lawanda J. Jackson, a
longtime administrative specialist who allegedly pried into the medical
records of 61 patients, including celebrities and co-workers.
According to the new report, Jackson reviewed the records of actress
Farrah Fawcett on 104 days between July 1, 2006, and May 21, 2007. She
also looked at the records of pop star Britney Spears, whose medical
files have been viewed inappropriately by dozens of other UCLA workers,
according to the report and interviews. (Jackson is not mentioned by
name in the records, nor are the celebrities involved, but The Times has
confirmed their identities.)
Jackson, 49, was indicted by a federal grand jury last month for
allegedly selling information to the news media from medical records of
celebrity patients. If convicted, she faces up to 10 years in prison.
Jackson had been in trouble before for snooping at UCLA, according to
the new state report. Regulators found that Jackson had received
"written counseling" in 2005 for improperly accessing the medical
records of a co-worker.
She remained on the job until Fawcett complained to her UCLA doctor
about a suspected breach, shortly after the National Enquirer reported
last May that the actress' cancer was back. Fawcett had not yet told her
son or closest friends about the recurrence.
Jackson resigned in July from UCLA after the hospital said it intended
to fire her for "serious misconduct" in violation of federal patient
In an interview in April, Jackson told The Times that she did not leak
information to the tabloids and that she was just "being nosy."
The state report suggested that Jackson might have tried to hide the
extent of her snooping. One of her co-workers recently acknowledged that
she twice gave Jackson her password and user information, according to
inspectors. The review found that the employee's user ID was accessed
from Jackson's computer to look at 46 records.
State inspectors found that 13 other people affiliated with UCLA
apparently snooped on Spears' records between July 2006 and May 2007.
That is in addition to 53 staffers identified in three previous state
reports who looked at Spears' records on other occasions. The 13
included three physicians, a physician trainee, three registered nurses,
two outside contractors, a volunteer and three support staff.
Each of the employees had signed a confidentiality agreement after being
hired promising to access patient information "only in the performance
of assigned duties and where required or permitted by law," the state
UCLA apparently did not determine the extent of the inappropriate prying
until prodded recently by the state. Last month, inspectors from the
health department asked a hospital official whether anyone else had
inappropriately looked at the records reviewed by Jackson, and the
official said, "As far as I know, no one else."
Prompted by a state request to dig further, however, UCLA found the
remaining 14 people, including Jackson's co-worker.
Kathleen Billingsley, director for the state health department's Center
for Healthcare Quality, would not say what the state's next steps would
be, other than to work with UCLA to fix the problems. State officials
have previously said that they were reviewing whether they could levy
sanctions against UCLA or if additional penalties would be needed
"We believe that this sends a clear message to the healthcare community
that the confidentiality of patient medical records must be protected,"
UCLA officials have said that they take the breaches seriously. The
employee who gave Jackson her user ID and password has been disciplined,
hospital spokeswoman Dale Tate said. Of the 13 who looked at Spears'
records, seven are no longer affiliated with UCLA, and the other six are
"Because these reviews are ongoing, we cannot provide additional
information on the specifics of the investigation and the disciplinary
actions, if any," the hospital said in a statement.
UCLA officials have appointed a high-level committee to review privacy
policies and have pledged to retrain staff and improve computer systems
to increase security.
Fawcett has not commented publicly about the breaches, but in a letter
sent April 30 to U.S. Atty. Thomas P. O'Brien, Fawcett asked that his
office expand the scope of its criminal investigation beyond Jackson to
include tabloid journalists.
"It is my personal belief that what Lawanda Jackson is most guilty of is
being a pawn," Fawcett wrote. "She worked in a hospital system that did
not provide strong enough deterrents to stop their employees from
breaching their patient's medical records -- which made it all the
easier for the tabloids to financially induce . . . her to invade my
privacy as well as the privacy of others."
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com