A court has found that the UCLA Health System is not responsible for the unauthorized release of information from a woman's medical record and therefore the organization does not have to pay the $1.25 million the plaintiff sought for emotional distress and invasion of privacy.
The plaintiff, Norma Lozano, alleged that an employee used a physician's login information to access her medical record, then took photos of and distributed data from the record. The employee was romantically involved with Lozano's ex-boyfriend and the shared information revealed she had a sexually transmitted disease.
Lozano accused UCLA of not doing enough to prevent unauthorized access of her medical records, including enabling a second form of security before the breach occurred.
The hospital claimed that it should not be held responsible for the misconduct.
Lozano's case focused on a second layer of security but that might not have prevented the breach because it requires users of UCLA’s EMR to enter their password twice, as well as providing a reason for viewing the record.
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.