Ethics, Compliance and Audit Services
HIPAA Security Compliance
The HIPAA Security Rule, effective April 20, 2005, requires that workforce members adhere to controls and safeguards to: (1) ensure the confidentiality, integrity and availability of confidential information; and (2) detect and prevent reasonably anticipated errors and threats due to malicious or criminal actions, system failure, natural disasters and employee or user error.
Such events could result in damage to or loss of personal information, corruption or loss of data integrity, interruption of University activities, or compromise to the privacy of the University patients or employees and its records.
- UC Campus and Academic Health Center Security Liaisons
- UC Guidelines for HIPAA Security Rule Compliance
- Educational modules
All UC campuses have appointed a HIPAA Security Officer. The Security Officer is the local campus administrative resource for implementation of the HIPAA Security Rule.
|UC Berkeley||Paul Rivers, Interim Chief Information Security Officer|
|UC Davis||Cheryl Washington, Chief Information Security Officer|
|UC Davis Health System||Michael Minear, Chief Information Officer/Security Officer|
|UC Irvine||Jim Murry, Security Officer (interim), Health Affairs|
|UC Irvine Academic Health Center||Jim Murry, Security Officer (interim), Health Affairs|
|UCLA||Ross Bollens, Director, IT Security and Information Security Officer|
|UCLA Health System||Ann S. Chang, CISSP, Information Security Officer|
|UC Merced||Nick Dugan, Chief Information Security Officer|
|UC Office of the President||Jon Good, Director, Information Security|
|UC Riverside||Chuck Rowley, Associate Vice Chancellor, Computing & Communications|
|UC Riverside Student Health Services||Shelley Gupta, Chief Financial & Administrative Officer|
|UC San Diego Academic Health Center||Ken Wottge, Information Security Officer|
|UC San Francisco||Patrick Phelan, Director, Information Technology Services|
|UC San Francisco Medical Center||Patrick Phelan, Director, Information Technology Services|
|UC Santa Barbara||Doug Drury, Director, Administrative Services Information Technology|
|UC Santa Cruz||Mary Doyle, Vice Chancellor for IT|
|Lawrence Berkeley National Lab||Denise Sumikawa, Cyber Security Officer, Information Technology Division|
This document is intended to assist UC campus and medical center directors and managers to determine the implementation of practices to achieve compliance with the HIPAA Security Rule. It includes an appendix that serves as a snapshot of the HIPAA security regulations.
PowerPoint presentations have been developed as templates to facilitate staff training on the specifics of the security rule.
The educational module available with this link is a generic PowerPoint presentation that is designed to be customized at the campus level.
- Educational Module (ppt)