Tabloids make money by publishing juicy celebrity health gossip. Ever wonder where they get the information? Many times, it comes from medical professionals snooping where they shouldn’t. Patient protected healthcare information (PHI) is protected by the Health Insurance Portability and Accountability Act (HIPAA). But even though medical staff can go to prison for disclosing medical information, they still do it. Unfortunately, leaked medical information causes harm to patients, families, and medical institutions. Here are the top high-profile instances of celebrity HIPAA fails and their consequences.
Drew Barrymore, Arnold Schwarzenegger, Tom Hanks & Leonardo DiCaprio: Ground Zero
In 2003, UCLA Medical Center Dr. Huping Zhou lost his job due to poor performance. Disgruntled, he started to spy on the organization’s electronic health record system. In fact, he logged into UCLA’s system 323 times over the course of 3 weeks. He spent this time getting his hands on all the high-profile celebrity healthcare information he could… but he was caught.
In court, the attorney argued that Dr. Zhou did not know that accessing the records was a federal crime. It was never proven that he sold or otherwise shared the information with others. Perhaps he was caught before he was able to. Dr. Zhou was the first person in the United States to go to jail and pay a fine for a HIPAA violation-misdemeanor. He served four months in prison and paid $2,500 in fines. Unfortunately, for UCLA Health System, which sees many celebrities, this marked the start of a decade of HIPAA scandals.
Farrah Fawcett’s Heartbreaking Ordeal
As it goes, even having cancer doesn’t buy a celebrity any compassion. When Farrah Fawcett’s cancer returned in 2008, a callous UCLA Medical Center employee immediately leaked the information to the tabloids. The diagnosis appeared in The National Enquirer before Fawcett was able to alert her friends or even her son. Her diagnosis became a national topic of conversation before she was able herself to process the devastating news.
Although the employee was fired, the incident understandably wreaked emotional havoc on Fawcett. Kim Swartz, one of the actress’s attorneys, said: “This has been very hard for her. Not knowing who has her personal information has taken an incredible toll on her.”
Maria Shriver in the News
The same woman who accessed Farrah Fawcett’s records peeked into another cancer patient’s file: former NBC newswoman Maria Shriver. UCLA officials examined the employee’s emails and phone records and felt that she had not leaked the information. Yet, details about Shriver’s treatment also showed up in the National Enquirer.
The incident, added to his own experiences, prompted Shriver’s ex-husband, then-Governor Schwarzenegger to push for new patient legislation. He’s quoted saying “a breach of any patient’s medical records is outrageous.” In 2008 he signed bills AB 211 and SB 541 that increased fines for HIPAA violations in California.
George Clooney Fascinates 27
In 2007, George Clooney’s medical records became a fascinating read. After a motorcycle accident, Clooney went to Palisades Medical Center in New Jersey. Clooney had a broken rib and his companion, Sarah Larson, had a broken foot. Clooney’s medical records became the topic of gossip when a whopping 27 employees read through his personal medical records. WCBS in New York reported that they then leaked the records to the press but this was never proven.
Although nobody was fined, Palisades Medical Center’s reputation certainly took a hit. All 27 healthcare employees ended up suspended without pay.
HIPAA Fails Britney Spears
Back in 2005, some UCLA employees received disciplinary action for peeking at Spears’ medical records after the birth of her son. In 2008, Oops! they did it again. This time, staff was caught reading her psychiatric evaluation… not cool.
Ironically, before her arrival, the hospital had sent a memo reminding all staff of privacy rules. It instructed employees not look at medical records unless the patient was in their direct care. But perhaps tabloids offer so much for gossip on Spears that the instructions fell on deaf ears.
Jeri Simpson, the director at the Santa Monica branch, said: “It’s not only surprising, it’s very frustrating and it’s very disappointing. I don’t know what it is about this particular person,” she claimed, referring to the pop star.
This time, the university fired thirteen employees, suspended six others and took disciplinary action against six doctors.
Richard Collier’s Privacy
Twenty other hospital workers were also fired in 2008 after being accused of breaking HIPAA laws in the case of Richard Collier.
A gunman walked up to Jaguar player Collier and shot him 14 times outside a Riverside apartment. The athlete was rushed to Shands-Jacksonville Medical Center in Florida. Collier lost one of his legs and remained paralyzed from the waist down. During his medical treatment, 20 hospital workers violated Collier’s right to privacy by viewing his medical records unnecessarily.
Among those fired were nurses, patient relations staff, and admission’s employees. While critics of the punishment claim the hospital went too far in retaliation, the medical facility disagreed:
“Any allegation of a breach of patient confidentiality is taken very seriously. All allegations are investigated thoroughly. If it has been determined that a violation has occurred, disciplinary action up to and including termination can be used. In order to maintain patient confidentiality, we do not comment on any specific cases,” officials said.
Anne Pressly: Spied On As She Died
Anne Pressly was a popular American news anchor for Little Rock Arkansas KATV Channel 7. During a 2009 burglary, she was brutally raped and assaulted in her home. She received treatment for five days at St. Vincent Infirmary Medical Center before succumbing to her injuries.
During the ordeal, one doctor and two employees accessed Pressly’s electronic files to determine her condition. They later admitted that they knew they were breaking the law but accessed the files out of curiosity. All three plead guilty to violating HIPAA laws.
The three employees were fined for their indiscretions. The doctor, in this case, had to pay $5,000 in fines. He also had to perform 50 hours of community service educating professionals on the importance of HIPAA.
Nadye Suleman: a HIPAA Celebrity?
Perhaps HIPAA violations contributed to Nadye Suleman’s celebrity status. Even so, Nadye Suleman was quick to take a tabloid beating after giving birth to octuplets in 2009.
Suleman delivered her babies at the Kaiser Permanente Bellflower Medical Center in Los Angeles. During her stay, 15 staff members snooped into her records. A computer monitoring audit discovered the breach and those at fault.
Although there was no proof that they sold the information, the hospital fired all 15 employees. Eight other employees received unspecified disciplinary action for their role in the incident.
The breach exposed unsavory behavior on the part of the staff. But at least it showed how effective the hospital’s security systems were at catching the breach. Kaiser was fined $250,000.
Michael Jackson Not Allowed to R.I.P.
Michael Jackson was plagued by the paparazzi for most of his life. Tabloids paid outrageous amounts of money to get any information about the mega star. His surgeries and skin condition were repeatedly scrutinized, discussed, and mocked.
His physician, Dr. Arnold Klein, reported what he considered a grave HIPAA violation that happened under his care. He warned that his own lawyers, an employee and an accountant had released Jackson’s entire chart, without permission.
He stated that “This unauthorized release of Michael Jackson’s records has caused my practice untold damage and has spurned a media circus. It has given tabloids and trashy media free access to Mr. Jackson’s private medical information.”
But that’s not all. Jackson faced yet another attack on his privacy following his death in 2009.
After Jackson died, unauthorized staff accessed his death certificate more than 300 times. The group of curious georges included medical students, contractors, and employees. Two hospital workers and two contract employees lost their jobs. UCLA was fined $95,000 by the California Department of Public Health for this incident.
By 2011, the UCLA Health System would agree to pay a fine of $865,000 to settle HIPAA privacy violations at its three hospitals.
HIPAA Fails Kim Kardashian
In 2013, medical employees decided to “Keep Up With The Kardashians,” and it cost them their jobs. Reality television actress Kim Kardashian gave birth at Cedars-Sinai Medical Center, Los Angeles. During her stay, fourteen HIPAA violations occurred. Five staff members accessed a single patient record. Another employee looked at 14 records. Kardashian and partner Kanye West refused to comment following publication of the news in the Los Angeles Times.
The five employees and one student research assistant were fired. They have permanently been denied future access to any medical records at Cedars-Sanai Medical Center. This will remain in place even if they later work for other healthcare facilities.
Jason Pierre-Paul Sues
In July 2015, New York Giants football player Pierre-Paul suffered a hand injury during a fireworks accident. He was treated at Jackson Memorial Hospital in Miami, FL where physicians were forced to amputate the middle finger of his right hand.
ESPN immediately posted details of Pierre-Paul’s medical records on Twitter. This was devastating for Pierre-Paul who at the time was negotiating a new $60 million contract with the Giants. His medical information had been leaked to the press by two employees.
According to ESPN, nobody requested details from the hospital. The employees decided to leak the information to the press for reasons unknown. Did they think the public’s right to know was more important than Pierre-Paul’s career? Consequently not only were Jackson Memorial and ESPN sued, two employees were fired.
Prince’s HIPAA Violations Unsolved
Prince was a famously private person. So the week before his death he was upset that the news reported he had been hospitalized for the flu. But it didn’t stop there, a mere six days before his death, tabloids reported that the singer had suffered a drug overdose.
A gossip site reported that Prince’s private jet made an emergency landing in Moline, IL. Citing several anonymous sources, it claimed that medical personnel administered the normal medications to avoid death from an opiate overdose. Later, they reported that EMTs had given the treatment following a Percocet overdose. It is unclear how much the stress of these leaked reports affected Prince’s health in his final days.
The Office for Civil Rights that enforces HIPAA laws states, “Healthcare providers cannot invite or allow media personnel […] into treatment or other areas of their facilities where patients’ PHI will be accessible in written, electronic, oral, or other visual or audio form, or otherwise make PHI accessible to the media, without prior written authorization from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media.”
The unauthorized disclosures of this medical information may have been serious breaches of HIPAA. But, those responsible for releasing the medical information to the press were never discovered. Perhaps, like much surrounding Prince’s death, this too will remain a mystery.
Why Should We Care When HIPAA Fails?
Although HIPAA laws may not seem like a big deal, leaking medical information is never a victimless crime. Whether those affected are celebrities or not, medical records taken out of context can ruin reputations, careers and devastate families. On a larger scale, repeated lawsuits and sky-high fines can cripple hospitals and force them to shut their doors. And THAT affects us all.
Think you know everything about HIPAA? Take our challenge!