A UCLA Health System audit report containing private patient information was posted online earlier this month, though it remains unclear how many people were affected, according to a letter from a health system official obtained by the Daily Bruin.
The report was on the billing practices of the UCLA Health System’s Emergency Department and was sent to the UC Office of the President, according to the letter sent last week by UCLA Medical Sciences chief privacy officer Robert Gross.
A Health System employee attached information containing the first and last name and a five-digit billing code related to a patient who visited the Emergency Department in May 2011 to the audit report. There was no information included that related to the patient’s specific visit, and social security numbers and addresses were also not posted, the letter stated.
The information was posted along with the audit report on UCOP’s public website on May 7. Two days later, officials received an anonymous call on May 9 letting them know the information was on the site, and UCOP removed the information from the site, according to the letter.
Gross said in the letter there is no evidence suggesting the information was compromised. There were five reported hits on the audit report, two of which were employees researching the incident, according to an access log mentioned in the letter.
The employee who attached the patient information to the report will receive “appropriate corrective action,” the letter stated. The director of the department where the employee works will also provide additional education to staff about reviewing audit reports for patient information.
This appears to be the second time in a year that the UCLA Health System has accidently released private patient information. In November, the Health System released a warning that personal patient information may have been compromised after a hard drive containing information for more than 16,000 patients was stolen from a physician’s home in September.
The hard drive did not contain social security numbers or financial information, but did include first and last names and may have contained birth dates, medical record numbers, addresses and medical record information. The health system, however, did not conclude any information was misused.
In that case, the health system said it was reviewing policies and procedures to determine if any revisions had to be made to reduce the likelihood of that kind of incident.
The letter recommends calling the Health System at (310) 794-8638 with any questions.
Health system officials could not be reached for comment as of press time about the extent of the incident.
Compiled by Kylie Reynolds, Bruin senior staff.