Celebrity HIPAA violations are actually one of the most common HIPAA violations to occur in a healthcare organization or hospital. Celebrity HIPAA violations most often occur when unauthorized personnel at healthcare facilities lookup the health records of celebrities. We live in a world where celebrities, professional athletes, and government officials are more accessible to us than ever before.
This accessibility is largely due to the booming social media industry. Never before have people had the ability to see what’s going on with their favorite Hollywood star at a moments notice, from the palm of their hand.
Don’t get it confused, social media is a great tool to utilize for staying up to date on businesses, news, and friends but that is where the informational digging should stop.
There is a clear line between finding out your favorite celebrity has checked in to their nearest hospital or rehabilitation center through the tabloids and digging through their medical records because you work at the healthcare organization they’ve checked into.
17 Celebrity HIPAA Violations You Won’t Believe
We’ve gathered a list of 17 celebrity HIPAA violations. The majority of them occurred due to unauthorized personnel checking in on celebrities’ medical records.
A Celebrity HIPAA Violation Formerly Known as…
Prince - April 2016
This is one of the most recent celebrity HIPAA violations. In 2016 we witnessed many legendary celebrities deaths, one of whom was Prince.
Six days prior to his death, on April 21st, 2016, TMZ reported that doctors gave him treatment that was “typically administered to counteract the effects of an opiate.”
The story they reported does not constitute a HIPAA violation, although there are many people still questioning the integrity of the information TMZ received in their initial report.
If medical professionals or staff disclosed the information about the potential drug overdose, that would be considered a breach of Prince’s rights under the HIPAA privacy rule.
However, as it stands, TMZ and other news media outlets that reported it, cannot be charged with violated HIPAA.
The New York Football Celebirty HIPAA Violation
Jason Pierre-Paul - February 2016
On July 4, 2015, former New York Giants defensive end, Jason Pierre-Paul suffered a devastating hand injury during a fireworks accident. He was sent to and treated at Jackson Memorial Hospital in Miami, Florida.
Due to the injury, medical staff were forced to amputate the middle finger on his right hand.
ESPN reporter, Adam Schefter, immediately posted details of the incident, including Pierre-Paul’s medical records on Twitter. His medical information was leaked to the press by two employees in an image shared with Schefter.
At the time of this accident, Pierre-Paul was negotiating a new $60 million contract with the Giants and this injury put that contract at risk.
This was a clear HIPAA privacy violation and the results of this violation were two lawsuits, one to ESPN and one to Miami’s Jackson Memorial Hospital. Also, the two employees who released Pierre-Paul’s PHI, a nurse and secretary, for the unauthorized access of information were fired.
The lawsuit for this celebrity HIPAA violation against ESPN was settled in 2017…
ESPN continues to firmly believe that i,ts reporting about Mr. Pierre-Paul’s July 2015 injury, including the use of a medical chart that definitively described the seriousness of the injury and resulting treatment, was both newsworthy and journalistically appropriate,” the network stated. “Despite their different points of view, the parties have agreed to amicably resolve their dispute rather than continue their litigation
Ebola Scare Leads to Breach
Dr. Rick Sacra - September 2014
This celebrity HIPAA violation occured in 2014, Dr. Richard Sacra was admitted to the Nebraska Medical Center in Ohama and it drew national headlines as he was the third American medical missionary to return to the U.S. for treatment of the Ebola virus.
While he was treated in the hospital’s biocontainment unit for 20 days, from September 5 - 25, 2014, two hospital employees inappropriately accessed his electronic medical record (EMR).
As a result of this HIPAA violation, the two unauthorized employees were fired.
HIPAA’ing up with a Kardashian
Kim Kardashian - July 2013
This celebrity HIPAA violation is not as surprising as some of the others due to the shear popularity of those involved. On June 15, 2013, Kim Kardashian gave birth to her and Kanye West’s daughter, North West. A week later they checked out of the hospital.
On July 12, 2013, The LA Times reported that six people were fired from Cedars-Sinai Medical Center, where North West was born, over privacy breaches involving patient medical records.
Five of the staff members access a single patient record while one other looked at 14 records. Kim-ye refused to respond.
This HIPAA violation cost these staff members their jobs and have been permanently banned from future access to any medical records at Cedars-Senai Medical Center, even if they work for other healthcare facilities.
Mass Shooting Leads to Breach
U.S. Rep Gabrielle Giffords - January 2011
On January 8, 2011, the nation mourned to the news that nineteen people were shot during a constituent meeting held in a supermarket parking lot in Casas Adobes, Arizona.
One of the targets of this shooting was United States Representative Gabrielle Giffords. All injured patients were sent to Tucson’s University Medical Center, the majority of which were in critical condition.
While these patients were staying at the medical center, three employees accessed confidential medical records without authorization.
All three employees were terminated as well as a contracted nurse, families affected were notified, and the number of patients affected was not disclosed.
Hospital Hit with $865,000 HIPAA Fine
UCLA Hospitals - July 2011
UCLA Health Systems was one of the biggest culprits of celebrity HIPAA violations and, in 2011, were fined $865,000 by The Department of Health and Human Services’ Office for Civil Rights by allowing the medical records of three celebrity patients be accessed by non-authorized personnel; Brtiney Spears, Maria Shriver, and Farrah Fawcett.
These breaches occurred between 2005 and 2009. The settlement was a result of multiple failures to remedy the privacy and security deficiencies at the hospitals and to manage risk.
All UCLA hospitals in question failed to implement sufficient controls after these HIPAA breaches occurred to prevent them for occurring again.
You’ve Been Hit by, You’ve Been Struck by a Large HIPAA Fine
Michael Jackson - June 2010
On June 25, 2009, Michael Jackson passed away due to acute propofol and benzodiazepine intoxication at his home in Los Angeles.
While there was already a lot of controversy surrounding his death, the LA Times reported that his medical records had been improperly accessed at Ronald Reagon UCLA Medical Center, resulting in a $95,000 fine for privacy violations.
The breaches occurred five days after his death on June 30th and included at least half a dozen staff members inappropriately accessing Jackson’s death certificate. Within two weeks of his death, his death certificate had been viewed more than 300 times. Two hospital workers and two contract employees were also fired due to this celebrity HIPAA violation.
Brutal News Anchor Robbery Leads to Violation
Anne Pressly - October 2009
On October 20, 2008, popular Little Rock, Arkansas news anchor, Anne Pressly, was brutally attacked during a robbery at her home, hospitalized at St. Vincent Infirmary Medical Center, and died five days later.
During her stay, three employees accessed her electronic files to determine her condition out of admitted curiosity, even though they knew that they were breaking the law.
One of the employees was fined $2,500 with one-year probation, another employee was fined $1,500 with one-year probation, and the doctor out of the group was fined $5,000 while having to perform 50 hours of community service educating other professionals on the importance of HIPAA.
Nadya “Octomom” Suleman
On May 15, 2009, it was reported by HealthLeaders that Kaiser Permanente Bellflower Hospital in Los Angeles received a $250,000 fine due to 23 employees unlawfully breaching the privacy of a patient, Nadya “Octomom” Suleman, who gave birth to octuplets earlier that year
This was the first fine of its kind under a new California state law that went into effect on January 1st, 2009 designed to protect patient privacy.
Kaiser terminated one employee, 14 of those in question resigned, and another eight received disciplinary action.
To this day, some still attribute Octomom’s claim to fame to this celebrity HIPAA violation.
Richard Collier - November 2008
On Tuesday, September 2, 2008, Richard Collier, then one of Jacksonville Jaguar’s offensive tackles, was shot and critically wounded outside an apartment complex at around 2:45 am. Collier was waiting outside of the apartment when they were shot.
The shooter was later identified as Tyrone Hartsfield whose motive was revenge. The April before the attack, Hartsfield was knocked out by Collier in a fight that broke out at a night club.
Collier was admitted to Shands-Jacksonville Medical Center, two weeks after Collier was discharged 20 hospital employees were fired for violating Collier’s medical privacy.
These staff members accessed Collier’s medical records through a computer, which was later audited. Many professionals accused Shands of going overboard by firing people who had legitimate reasons to access Collier’s record and those who accessed the file accidentally.
Leave Britney’s EMR Alone
Britney Spears - March 2008
In January 2008, Britney Spears was forced into a psychiatric ward after refusing to take prescribed medication and dangerously driving around her neighborhood. Spears was admitted to the UCLA Medical Center in Los Angeles.
Three months after the event, UCLA Medical Center took steps to fire at least 13 employees and suspend six others for snooping in Britney Spears’ medical records.
This wasn’t the first time Britney Spears fell victim to a celebrity HIPAA violation. When her first son was born in September 2005, several employees at Santa Monica-UCLA Medical Center and Orthopaedic Hospital were caught looking into her medical records.
ER’s Dr. Douglas Ross is Breached
George Clooney - October 2007
On September 21, 2007, it was reported that George Clooney and then-girlfriend, Sarah Larson, were treated at Palisades Medical Center in North Bergen, New Jersey after a motorcycle accident.
Clooney suffered a broken rib and skin abrasions and Larson broke her foot. One month later, in October, the medical center suspended 27 employees at their facility for accessing their personal medical records.
The employees were suspended for one month without pay. Clooney responded to the reparations, “This is the first I've heard of it. And while I very much believe in a patients right to privacy, I would hope that this could be settled without suspending medical workers.”
HIPAA Sting Operation
FarRah Fawcett - 2007
Farrah Fawcett battled cancer for many years up until her tragic death in 2009. As it turned out, whenever she sought treatment at the UCLA Medical Center, the tabloids would quickly release the news to the public that was she was admitted.
While Fawcett was admitted in May 2007 she set up a sting operation where she withheld news from her friends and relatives of her rediagnosis. Within days the story was on the National Enquirer.
The employee who was leaking the information was later identified as Lawanda Jackson. It was reported that Jackson received at least $4,600 from the publication through checks made out to her husband.
Jackson faced up to 10 years in prison but died from complications with breast cancer before sentencing.
First Prison Sentence for a HIPAA Violation
Drew Barrymore, Arnold schwarzeneggar, Tom Hanks, Leonardo DiCaprio - October 2003
On October 29, 2003, Dr. Huping Zhou received notice from the UCLA Health System that they intended to dismiss him for job performance reasons.
Disgruntled, over the next three weeks Zhou abused his access to the organization’s electronic health record system to view the medical records of celebrities and high-profile patients including Drew Barrymore, Arnold Schwarzeneggar, Tom Hanks, and Leonardo DiCaprio.
Zhou accessed UCLA’s record system 323 times throughout that three week period and admitted that he obtained and read patient health information on four specific occasions after he was terminated.
Zhou was sentenced to four months in prison and fined $2,000 on April 27, 2003, for four misdemeanor counts of accessing and reading medical records of his supervisors and high-profile celebrities.
Celebrity HIPAA Violations Takeaway
Due to the general’s fascination with the celebrity world, it almost seems as though whenever something happens to a celebrity, that requires medical attention, it leads to unauthorized medical personnel viewing their medical records.
Celebrities still have the same medical rights under HIPAA as the general public. This means that if a celebrity is ever admitted to your hospital, behavioral health organization, or medical practice your staff must be educated on HIPAA and you should have necessary technologies put in place to ensure your patients’ medical records are kept out of reach of unauthorized individuals.