Court Sides with UCLA in Student Privacy Lawsuit

Norman Lozano argued the security measures the university had in place were insufficient.

A court’s recent decision absolved the University of California Los Angeles Health System from responsibility for the $1.25 million breach of a student’s medical records.

The decision rejects a lawsuit that sought to collect damages when Norman Lozano claimed emotional distress and invasion of privacy after her medical records were released, according to

Lozano’s records were accessed by a temporary worker at the school in 2012 when the worker illegally used a doctor’s ID and password to get medical information.

The temporary worker, then a student, was dating Lozano’s former boyfriend and sent the man medical information that showed Lozano had a sexually transmitted disease.

UCLA’s health system argued it had sufficient security measures in place and couldn’t be held responsible for the internal breach.

Lozano’s lawyers argued UCLA was liable because it didn’t do enough to prevent the data breach, like requiring the password to be entered a second time or making users provide a reason for accessing the records.

Ultimately, though, it was decided the additional security measures wouldn’t have made a difference.

Read More Articles Like This… With A FREE Subscription

Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!

Get your free subscription today!

Get Our Newsletters
Campus Safety HQ