HIPAA Security Rule Implementation

ON THIS PAGE:

The UCSC HIPAA Security Rule Policy was approved by the Campus Provost and Executive Vice Chancellor on December 20, 2006.

UCSC HIPAA SECURITY RULE POLICY (Rev. 12/1/10)
Attachment 1: UCSC Practices for HIPAA Security Rule Compliance (Rev. 1/14/13)
- Introduction to Practices for Compliance (PDF, Rev. 1/22/08)
Attachment 2: UCSC HIPAA Security Rule Compliance Workbook (PDF, Rev. 1/14/13) (Word format)
Attachment 3: Current list of UCSC entities subject to HIPAA Security Rule requirements (Rev. 11/2010)
Attachment 4: UCSC HIPAA Risk Analysis Template - Word format; Excel format (Rev. 5/25/11)

General HIPAA Security Rule training is available on Internal Audit's website (Scroll down to the fourth item, “Security Rule Overview”)
HIPAA Security Rule training for ITS employees with HIPAA-related responsibilities

Federal Law: HIPAA Privacy & Security Laws mandate protection and safeguards for access, use and disclosure of PHI and/or ePHI with sanctions for violations
State Law: California Information Practices Act, Consumer Records, outlines the definition of and required protections for protected health information. California Civil Code 1798.81.5
UC's HIPAA Website
UC HIPAA Policies - effective Sept 2010
HIPAA Security Rule educational materials from the US Department of Health and Human Services
US Department of Health and Human Services' main HIPAA page

HIPAA Security violations: Contact itpolicy@ucsc.edu or the Whistleblower Office
HIPAA Privacy violations: Contact the Whistleblower Office

Please send comments to itpolicy@ucsc.edu

Last reviewed 1/14/13

Information Technology Services