HIPAA Security Rule Implementation
ON THIS PAGE:
The UCSC HIPAA Security Rule Policy was approved by the Campus Provost and Executive Vice Chancellor on December 20, 2006.
Policy
- UCSC HIPAA SECURITY RULE POLICY (Rev. 12/5/13)
- Attachment 1: UCSC Practices for HIPAA Security Rule Compliance (Rev. 6/16/15)
- Introduction to Practices for Compliance (PDF, Rev. 1/22/08)
- Attachment 2: UCSC HIPAA Security Rule Compliance Workbook (PDF, Rev. 6/16/15) (Word format)
- Attachment 3: Current list of UCSC entities subject to HIPAA Security Rule requirements (Rev. 6/2015)
- Attachment 4: UCSC HIPAA Risk Analysis Template - Word format; Excel format (Rev. 12/19/13)
Training
- General HIPAA Security Rule training
- HIPAA Security Rule training for ITS employees with HIPAA-related responsibilities
Additional Resources and References
- Federal Law: HIPAA Privacy & Security Laws mandate protection and safeguards for access, use and disclosure of PHI and/or ePHI with sanctions for violations
- State Law: California Information Practices Act, Consumer Records, outlines the definition of and required protections for protected health information. California Civil Code 1798.81.5
- UC's HIPAA Website
- UC HIPAA Policies - effective Sept 2010
- HIPAA Security Rule educational materials from the US Department of Health and Human Services
- US Department of Health and Human Services' main HIPAA page
Report a Violation
- HIPAA Security violations: Use any of the reporting methods listed at http://its.ucsc.edu/security/report.html
- HIPAA Privacy violations: Contact the Whistleblower Office
Please send comments to ispolicy@ucsc.edu
Last reviewed 8/25/15