A court’s recent decision absolved the University of California Los Angeles Health System from responsibility for the $1.25 million breach of a student’s medical records.
The decision rejects a lawsuit that sought to collect damages when Norman Lozano claimed emotional distress and invasion of privacy after her medical records were released, according to thehill.com.
Lozano’s records were accessed by a temporary worker at the school in 2012 when the worker illegally used a doctor’s ID and password to get medical information.
The temporary worker, then a student, was dating Lozano’s former boyfriend and sent the man medical information that showed Lozano had a sexually transmitted disease.
UCLA’s health system argued it had sufficient security measures in place and couldn’t be held responsible for the internal breach.
Lozano’s lawyers argued UCLA was liable because it didn’t do enough to prevent the data breach, like requiring the password to be entered a second time or making users provide a reason for accessing the records.
Ultimately, though, it was decided the additional security measures wouldn’t have made a difference.