More than 120 workers at a Los Angeles hospital looked at celebrities' medical records and other personal information without permission between January 2004 and June 2006 - nearly double the number initially reported earlier this year, according to a state report.
The report, released Monday by the California Department of Public Health, also said three staffers at the UCLA Medical Center continued to look at the confidential records of a "well-known individual" after a crackdown of record-peeking in April. The state report didn't release the name of that celebrity.
State regulators blame the hospital for not taking adequate steps to maintain patient confidentiality.
"What's startling to us is, as we get to a point where we feel we've addressed a specific complaint and a specific issue, we identify additional issues," said Kathleen Billingsley, director of the health department's Center for Healthcare Quality. "It's very disturbing to see this."
State public health officials have released five reports since the Los Angeles Times first reported UCLA employees pried into the medical records of prominent patients, including Britney Spears, Farrah Fawcett and California first lady Maria Shriver.
The latest report said 127 workers peeked into celebrities' medical records without permission, leading to several firings, suspensions and warnings. The report also detailed the case of one employee who looked at the records of about 900 patients "without any legitimate reason" and viewed Social Security numbers, health insurance information and addresses, from April 2003 to May 2007.
Previous state reports had said the woman, Lawanda Jackson, viewed about 60 patient records. The former administrative specialist faces federal criminal charges for violating Fawcett's privacy.
The report said Jackson used her supervisor's password to view the records, which officials determined by examining her workstation.
After the April violations, one nurse was fired and the two other employees received warnings, the report said.
Hospital officials said computer systems have been updated to block complete Social Security numbers and that staff is being trained on privacy and security. The hospital also said it has notified all patients whose privacy was breached by Jackson.
"We have no excuses," said Dr. David Feinberg, chief executive of the UCLA Health System, in a statement. "UCLA should have detected the violations by Ms. Jackson years ago and should have immediately initiated the process to dismiss her."
Feinberg said the medical center continues to investigate and all employees found to have breached patient confidentiality were disciplined or fired.