Ethics, Compliance and Audit Services
HIPAA Security Compliance
The HIPAA Security Rule, effective April 20, 2005, requires that workforce members adhere to controls and safeguards to: (1) ensure the confidentiality, integrity and availability of confidential information; and (2) detect and prevent reasonably anticipated errors and threats due to malicious or criminal actions, system failure, natural disasters and employee or user error.
Such events could result in damage to or loss of personal information, corruption or loss of data integrity, interruption of University activities, or compromise to the privacy of the University patients or employees and its records.
Security resources
UC Campus and Academic Health Center Security Liaisons
All UC campuses have appointed a HIPAA Security Officer. The Security Officer is the local campus administrative resource for implementation of the HIPAA Security Rule.
| Location | Security Officer |
|---|---|
| UC Berkeley | Allison Henry, Chief Information Security Officer |
| UC Davis | Cheryl Washington, Chief Information Security Officer |
| UC Davis Health System | Nicholas Borton, Chief Information Security Officer |
| UC Irvine Health System | Gabriel Gracia, Chief Information Security Officer |
| UCLA | Drake Chang, Chief Information Security Officer |
| UCLA Health Services | Edgar Tijerino, Chief Information Security Officer |
| UC Merced | Nick Dugan, Chief Information Officer |
| UC Office of the President | Monte Ratzlaff, Cyber-Risk Program Manager |
| UC Riverside Campus (School of Medicine) | Matthew Summerville, Chief Information Security Officer |
| UC Riverside Student Health | Dewight Kramer, Chief Information Security Officer |
| UC San Diego Academic Health Center | Chris Longhurst, MD, Chief Information Officer |
| UC San Francisco | Patrick Phelan, Information Security Officer |
| UC Santa Barbara | Kip Bates, Interim Chief Information Security Officer |
| UC Santa Cruz | Brian Hall, Chief Information Security Officer |
| Lawrence Berkeley National Lab | Denise Sumikawa, Cyber Security Officer, Information Technology Division |
Educational modules
PowerPoint presentations have been developed as templates to facilitate staff training on the specifics of the security rule.
The educational module available with this link is a generic PowerPoint presentation that is designed to be customized at the campus level.
(back to top)