U. of Oregon denies it violated student’s privacy rights in sexual assault suit

Officials at the University of Oregon have denied allegations they violated the privacy rights of a student who says three men’s basketball players sexually assaulted her in March 2014.

In January, the student filed suit against the institution and its head basketball coach, according to The Register-Guard, claiming the institution violated her civil rights when it recruited one of the accused players from Providence College, where he also was accused of rape.

Along with neglecting to protect the woman from sexual assault and the Title IX civil rights violation, the plaintiff, referred to only as “Jane Doe,” claims university officials violated the federal student privacy law when they obtained university health center counseling records about the plaintiff, according to The Daily Emerald. University officials say they did not read the files.

In a legal response filed on Monday, the university argued its collection of the records was legal because the Family Educational Rights and Privacy Act allows health center officials to provide records to university attorneys because they relate to a lawsuit.

Former SPLC Attorney Advocate Adam Goldstein:  The short answer is that it’s complicated (as are so many things with FERPA), but that the University’s explanation is probably valid. 

Here’s the thing. When health care is being provided because of someone’s status as a student, those records are covered by FERPA and not HIPAA. So we can move on from that issue right away.

34 CFR Sec. 99.31 governs the disclosure of information without consent, and one of the situations it envisions is 99.31(i)(9)(3)(B): 

If a parent or eligible student initiates legal action against an educational agency or institution, the educational agency or institution may disclose to the court, without a court order or subpoena, the student’s education records that are relevant for the educational agency or institution to defend itself.

It would be a neat trick to have the files disclosed to the court without their attorneys being involved. And if these are education records covered by FERPA and not HIPAA — which, evidently, they are at present — then they’re relevant to the emotional state of the plaintiff. Since emotional distress is one of the claims, the content is probably relevant to the claim. 

That this is one of the few places where FERPA actually does reflect a common law principle of privacy: that you lose the benefit of your privileged relationships when you bring them into issue in a lawsuit. That is, your privileged relationships are meant to be used as shields against third-party intrusion, not swords to attack the people in the relationship. 

For example, if the student plaintiff was suing her doctor for malpractice because she alleged that she couldn’t walk after a surgical procedure, the doctor would be just as entitled to disclose her medical files to the court in order to demonstrate the validity of the care provided or the absence of a disability. 

If the counseling sessions are consistent with the plaintiff’s claim, it’s not going to result in disclosures any greater than the ones already made in the plaintiff’s complaint about her mental state. If the sessions are inconsistent, the court has a need to know that information, too. 

We rate this: a pretty legitimate use of FERPA