HIPAA Security Rule Implementation

The UCSC HIPAA Security Rule Policy was approved by the Campus Provost and Executive Vice Chancellor on December 20, 2006.

Policy

• UCSC HIPAA SECURITY RULE POLICY (Rev. 06/01/23)
• Attachment 1: UCSC Practices for HIPAA Security Rule Compliance (Rev. 6/16/15)
  • Introduction to Practices for Compliance (PDF, Rev. 1/22/08)
• Attachment 2: UCSC HIPAA Security Rule Compliance Workbook (PDF, Rev. 6/16/15) (Word format)
• Attachment 3: Current list of UCSC entities subject to HIPAA Security Rule requirements (Rev. 6/2015)
• Attachment 4: UCSC HIPAA Risk Analysis Template - Word format; Excel format (Rev. 12/19/13)

Training

• Health Care Privacy Training (UC Learning Center) 
• HIPAA Security Rule Training for ITS employees with HIPAA-related Responsibilities

Additional Resources and References

• Federal Law: HIPAA Privacy & Security Laws mandate protection and safeguards for access, use and disclosure of PHI and/or ePHI with sanctions for violations
• State Law: California Information Practices Act, Consumer Records, outlines the definition of and required protections for protected health information. California Civil Code 1798.81.5
• University of California Policy: Health Privacy (HIPAA) Compliance
• U.S. Department of Health and Human Services: Health Information Privacy , HIPAA Privacy Guidance and HIPAA Security Rule Guidance

Report a Violation

• HIPAA Security violations: Use any of the reporting methods listed at http://its.ucsc.edu/security/report.html
• HIPAA Privacy violations: Contact the Whistleblower Office

Please send comments to ispolicy@ucsc.edu

Last reviewed 11/9/23