Health Insurance Portability and Accountability Act of 1996 (HIPAA)

In May 2002, the Board of Regents designated the University of California as a HIPAA hybrid covered entity and determined that UC would be a Single Health Care Component for the purposes of complying with the HIPAA Rule. All of the entities at UC covered by the HIPAA Privacy and Security Rules — medical centers, medical clinics, health care providers, health plans, student health centers — are a single entity for purposes of compliance with HIPAA. However, the research function is excluded from HIPAA coverage at UC.

Accordingly, research health information that is not associated with a health care service is not subject to the HIPAA Privacy and Security Rules. Other state and federal laws govern privacy and confidentiality of personal health information obtained in research.

Who is subject to HIPAA at UC? HIPAA regulations apply to employees, health care providers, trainees and volunteers at UC medical centers and affiliated health care sites or programs and employees who work with UC health plans. HIPAA regulations also apply to anyone who provides financial, legal, business, or administrative support to UC health care providers or health plans.

The links below provides access to a range of documents developed by the UC Systemwide HIPAA Taskforce to implement the Health Insurance Portability and Accountability Act of 1996 (HIPAA) at the University of California. Among these materials are guidelines, educational modules in the form of PowerPoint presentations, links to local campus HIPAA efforts and various authorization forms associated with the privacy, security and research aspects of the HIPAA Privacy and Security Rules.

For more information: Contact your campus privacy or security officer.


HIPAA Privacy Compliance

Contains campus privacy contacts, guidelines, notices of privacy practices, educational modules and details of UC self-funded health plans.

HIPAA Security Compliance

Contains campus security contacts, guidelines and educational modules related to the HIPAA Security Rule.

HIPAA Research Compliance

Research health information that is associated with a health care service is subject to the HIPAA Privacy and Security Rules. Contains guidelines, FAQs and educational resources.

UC Complaint Process

You may file a complaint if you believe that UC is not complying with applicable HIPAA requirements.

University of California Policies implementing HIPAA

Additional resources