Six Fired Over Inappropriate Patient PHI Access at Cedars-Sinai Hospital

by | Jul 14, 2013

Cedars-Sinai Hospital in Los Angeles was selected by reality TV star Kim Kardashian and Rapper Kayne West as the hospital to have their daughter delivered. Their baby was born on June 15th, but three days later some staff members started looking at the medical records of one of the patient from the hospital. The hospital revealed that the records were accessed over a period of seven days.

Six staff accessed the medical records which they were not permitted to view, with one individual accessing 14 patient records and the other five accessing the record of a single patient. The hospital did not reveal the names of the patients affected by this security breach and according to the L.A Times, neither Kardashian nor West was available for comment on the privacy violation. The hospital did reveal that all patients affected by the breach had been contacted and notified of the unauthorized access and the hospital did not think that any crimes had been committed.

Cedars-Sinai adheres to strict policies to protect confidential medical records and the persons who accessed PHI of patients did not have the proper security credentials to do so. Access was gained using the login details of other members of the workforce.

Four of the staff had some medical privileges at the hospital but were employed by community physicians, one was working directly for the hospital as a medical assistant and another was a student research assistant. According to a statement released by the hospital, access to the data was possible thanks t the use of the logins of three community physicians; Dr. Sam Bakshian, Dr. Abraham Ishaaya, and Dr. Shamim Shakibai.

All three doctors were givenpermission to remotely access the data and all provided their login details to their assistants; which was in breach of hospital policy. The other login used to access the PHI was issued to the doctor’s employee directly for purposes sending out bills.

Cedars-Sinai Chief Privacy Officer reassured the public and patients about security at the hospital normally being of a very high standard and unauthorized access to data is “quite simply unacceptable”. This is the second time members of staff have been involved in incidents involving improper access to PHI at the hospital. In 2009 a member of staff stole records of patients and used the data to make fraudulent insurance claims.

The five members of staff who viewed the records inappropriately have now been sacked and the student research assistant’s time at the hospital has also come to an end.

As a further warning to the hospital will also restrict access to records by the individuals concerned, even if they gain employment at another health provider. Law enforcement has also been made aware of this as a precaution, although there is no evidence to suggest that any of the data viewed will be used for criminal purposes.

When the employees accessed the data they breached HIPAA regulations, and as such the Office for Civil Rights may conduct an investigation. The OCR has the authority to issue fines for HIPAA non-compliance issues and data violations, with the healthcare institution often held responsible in cases where employees have inappropriately viewed patient records.

In 2008, a worker at the UCLA Health System accessed the records of Britney Spears, Farah Fawcett and Maria Shriver and was convicted of selling medical information, for profit, to the National Enquirer. UCLA had to settle with federal regulators for $865,500. A fine of up to $50,000 can be applied  for each breach.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy