The Regents of the University of California has successfully regained control over the domain name ucsfmychart.net through a recent administrative proceeding. This case highlights the ongoing challenges that major healthcare and academic institutions face as they seek to protect their digital patient interfaces from unauthorized third-party registrations. The decision results in the full transfer of the domain from the individual registrant to the University, ensuring that a critical point of digital contact remains under official oversight.
The dispute centered on the specific intersection of a well-known institutional acronym and a widely recognized healthcare software service. By combining these two elements, the disputed domain created a high risk of user redirection, targeting patients and staff who rely on the University of California, San Francisco (UCSF) for medical services and information.
The Context of UCSF’s Digital Infrastructure
The University of California, San Francisco, often abbreviated as UCSF, is a premier institution focused on health sciences, research, and patient care. As part of its modern healthcare delivery system, UCSF utilizes the MyChart portal, a common industry-standard tool that allows patients to access their medical records, communicate with providers, and manage appointments securely. Because this portal handles sensitive health information, the integrity of the web addresses associated with it is of paramount importance to the University.
The registration of ucsfmychart.net by an unrelated party, Mark Leonardo, presented an immediate conflict. The University maintains extensive intellectual property protections for the UCSF name, which is recognized globally in the fields of medicine and biological research. The addition of the word “mychart” to the institutional identifier created a domain that mirrored the actual service naming convention used by the University and other healthcare providers nationwide.
Identifying the Misappropriation of Identity
The core of the issue lay in how the domain was constructed. It utilized the entirety of the UCSF acronym, which has long been associated with the Regents of the University of California. In the digital environment, the prefix “ucsf” serves as a primary signifier of the institution’s official presence. When paired with “mychart,” the resulting domain name creates a direct link to the University’s specific healthcare services.
This combination is not merely a generic or descriptive string of text. Instead, it is a highly specific reference to the UCSF health system’s patient portal. The record indicates that there was no authorization granted to the respondent to use the UCSF name, nor was there any professional or commercial relationship that would justify the registration of a domain so closely tied to the University’s operational tools. The absence of any such permission or connection is a significant factor in determining the legitimacy of a domain registration.
Assessing the Intent Behind the Registration
In evaluating the circumstances surrounding the domain, the focus shifted to why a third party would select this specific string of characters. Given the international reputation of UCSF and the specific functional use of the MyChart platform, the selection of ucsfmychart.net appears highly targeted. The registration took place long after the University had established its presence in the healthcare sector and after the UCSF mark had gained significant recognition.
The administrative record did not show any evidence that the respondent was commonly known by the name “ucsfmychart” or that they had any legitimate business purpose for the domain. In many such instances, the registration of a domain that perfectly mimics a sensitive login portal or a specific institutional service suggests a desire to benefit from the confusion of users who are searching for official resources. In the healthcare sector, this type of imitation is particularly concerning because of the potential for users to inadvertently share personal or medical information if they believe they are on a legitimate University-controlled site.
Protecting the Patient-Provider Relationship
The University’s move to recover the domain was not just a matter of trademark enforcement, but also a measure of digital safety. The MyChart system is a cornerstone of the patient-provider relationship at UCSF. When a third party registers a domain that suggests an affiliation with such a service, it threatens the trust that patients place in the institution’s digital ecosystem.
The use of the .net extension did nothing to distinguish the domain from the University’s official .edu or .org properties in a way that would mitigate the risk of error. Users frequently overlook top-level domain extensions, focusing instead on the primary keywords. In this case, those keywords—UCSF and MyChart—were identical to those used by the University to facilitate patient care. By securing the transfer of the domain, the University effectively neutralized a potential point of failure in its digital security strategy.
Outcome and Institutional Safeguards
The administrative decision concluded that the domain should be transferred to the Regents of the University of California. This outcome underscores the necessity for large organizations to remain vigilant regarding their digital footprints. For an entity like UCSF, which manages both educational and clinical operations, the scope of brand protection must cover not only the primary institutional names but also the specific functional tools that the public associates with those names.
This case serves as a reminder that the unauthorized registration of domains that combine a famous brand with a specific service name is a common tactic that requires a formal response. The University’s successful recovery of ucsfmychart.net ensures that patients searching for their portal are less likely to be diverted to an unofficial and potentially harmful website. The transfer of the domain brings the address under the control of the Regents, allowing them to redirect it to the appropriate official resources and maintain the continuity of their online branding.
For academic and medical institutions, the takeaway is clear: the integration of service-oriented keywords with institutional marks creates a high-value target for unauthorized registrants. Proactive monitoring and the use of administrative dispute resolution remain essential tools for maintaining the security and reputation of healthcare systems in an increasingly complex digital landscape.
If you need help assessing or pursuing a UDRP transfer for a look‑alike domain, ClaimOn can assist.
