UCLA Health System CEO: Britney Spears data breach was a catalyst for change

The UCLA Health System at the UCLA Medical Center has the dubious distinction of being home to some of the most notorious HIPAA violations--employees snooped in the personal health records of singer Britney Spears, actor Tom Cruise, and former California first lady Maria Shriver.

No question that kind of data breach--and the negative publicity that goes along with it--is a CEO's nightmare. But UCLAHS CEO David Feinberg, M.D., sees the positives in the situation. He tells HealthLeaders magazine that the experience was a wake-up call for the health system.

"It definitely was a crisis that we turned into a great opportunity," Feinberg says in the article. "We had a very, very lax culture around privacy, and because we happened to treat an A-list of celebrities, it got national attention. But the reality was we were sloppy not only with celebrities, but also with a nurse looking at another nurse's records to see if she was really sick yesterday. That was our culture."

The article outlines the fallout from these and other violations, from investigations to legislation to settlement fines to a corrective action plan that included aggressive training and technological fixes. For example, the organization actively monitors the data of patients who likely are targets of snooping, including celebrities and hospital employees. It also uses data loss-prevention tools, which stop users from sending sensitive information outside the network.

Although the organization has managed to change its culture and does a better job of protecting patient privacy, Feinberg tells HealthLeaders, the organization has not been immune to new breaches. "It almost never ends as we move toward more electronic medical records. They can be very, very difficult to secure because stuff like that happens. You can never let your guard down."  

To learn more:
- read the HealthLeaders magazine article
- read more about the UCLA system's HIPAA violation settlement
- read more about the aftermath of the Spears privacy breach