Court Sides with UCLA in Student Privacy Lawsuit

Norman Lozano argued the security measures the university had in place were insufficient.

A court’s recent decision absolved the University of California Los Angeles Health System from responsibility for the $1.25 million breach of a student’s medical records.

The decision rejects a lawsuit that sought to collect damages when Norman Lozano claimed emotional distress and invasion of privacy after her medical records were released, according to

Lozano’s records were accessed by a temporary worker at the school in 2012 when the worker illegally used a doctor’s ID and password to get medical information.

The temporary worker, then a student, was dating Lozano’s former boyfriend and sent the man medical information that showed Lozano had a sexually transmitted disease.

UCLA’s health system argued it had sufficient security measures in place and couldn’t be held responsible for the internal breach.

Lozano’s lawyers argued UCLA was liable because it didn’t do enough to prevent the data breach, like requiring the password to be entered a second time or making users provide a reason for accessing the records.

Ultimately, though, it was decided the additional security measures wouldn’t have made a difference.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo