From 2005 through 2009, UCLA Health System Hospitals ("UCLA") received complaints that its employees had viewed celebrities' medical records without authorization. After an investigation, federal health regulators determined that UCLA employees reviewed patients' electronic medical records "repeatedly and without a permissible reason." Federal health regulators found that UCLA failed to remedy the problem and discipline or retrain its staff. Ultimately, UCLA entered into a settlement agreement with federal health regulators. Under the settlement agreement, UCLA must pay a fine of $865,000. The settlement agreement further requires UCLA to: (1) submit a plan to federal regulators outlining how it plans to prevent future privacy breaches; (2) retrain its staff about privacy protections; (3) institute privacy policies; (4) appoint a representative to oversee its privacy improvements; and (5) report to federal regulators for the next three years.