HIPAA Security Rule Implementation
ON THIS PAGE:
The UCSC HIPAA Security Rule Policy was approved by the Campus Provost and Executive Vice Chancellor on December 20, 2006.
Policy
- UCSC HIPAA SECURITY RULE POLICY (Rev. 06/01/23)
- Attachment 1: UCSC Practices for HIPAA Security Rule Compliance (Rev. 6/16/15)
- Introduction to Practices for Compliance (PDF, Rev. 1/22/08)
- Attachment 2: UCSC HIPAA Security Rule Compliance Workbook (PDF, Rev. 6/16/15) (Word format)
- Attachment 3: Current list of UCSC entities subject to HIPAA Security Rule requirements (Rev. 6/2015)
- Attachment 4: UCSC HIPAA Risk Analysis Template - Word format; Excel format (Rev. 12/19/13)
Training
- Health Care Privacy Training (UC Learning Center)
- HIPAA Security Rule Training for ITS employees with HIPAA-related Responsibilities
Additional Resources and References
- Federal Law: HIPAA Privacy & Security Laws mandate protection and safeguards for access, use and disclosure of PHI and/or ePHI with sanctions for violations
- State Law: California Information Practices Act, Consumer Records, outlines the definition of and required protections for protected health information. California Civil Code 1798.81.5
- University of California Policy: Health Privacy (HIPAA) Compliance
- U.S. Department of Health and Human Services: Health Information Privacy , HIPAA Privacy Guidance and HIPAA Security Rule Guidance
Report a Violation
- HIPAA Security violations: Use any of the reporting methods listed at http://its.ucsc.edu/security/report.html
- HIPAA Privacy violations: Contact the Whistleblower Office
Please send comments to ispolicy@ucsc.edu
Last reviewed 11/9/23
- IT Policies
- Data Resource Classification
- Protection Levels for UC Institutional Information
- Security Web Site
- Availability Levels for UC Institutional Information
- IT Policy-Related Terms
Need Help?
Call: (831) 459-HELP (9-4357)
Email: help@ucsc.edu
UC Santa Cruz, 1156 High Street, Santa Cruz, Ca 95064
©2023 Regents of the University of California. All Rights Reserved.