HIPAA Security Rule Implementation at UCSC

Home UCSC Information Security Security & Technology Policies and Guidelines HIPAA Security Rule Implementation at UCSC

The UCSC HIPAA Security Rule Policy was approved by the Campus Provost and Executive Vice Chancellor on December 20, 2006.

| Policy | Training | Additional Resources and References | Report a Violation |

Policy

• UCSC HIPAA Security Rule Policy
  • Policy review letter (PDF)


• Attachment 1: UCSC Practices for HIPAA Security Rule Compliance (Rev. 4/7/09)
  • Introduction to Practices for Compliance (PDF Rev. 1/22/08)


• Attachment 2: UCSC HIPAA Security Rule Compliance Workbook (PDF, Rev. 4/7/09)
  (Word format)


• Attachment 3: Current list of UCSC entities subject to HIPAA Security Rule requirements, (Rev. 1/25/08)

 

Training

• General HIPAA Security Rule training is available on Internal Audit's website (Scroll down to the fourth item, “Security Rule Overview”)


• HIPAA Security Rule training for ITS employees with HIPAA-related responsibilities

 

Additional Resources and References

• Federal Law: HIPAA Privacy & Security Laws mandate protection and safeguards for access, use and disclosure of PHI and/or ePHI with sanctions for violations


• State Law: California Information Practices Act, Consumer Records, outlines the definition of and required protections for protected health information. California Civil Code 1798.81.5


• UC's HIPAA Website


• HIPAA Security Rule educational materials from the US Department of Health and Human Services


• US Department of Health and Human Services' main HIPAA page

 

Report a Violation

• HIPAA Security violations: Contact itpolicy@ucsc.edu or the Whistleblower Office
• HIPAA Privacy violations: Contact the Whistleblower Office

Please send comments to itpolicy@ucsc.edu.

Rev. 4/7/09