UC San Diego Health Sciences (UCSDHS) Office of Compliance and Privacy is committed to protecting the medical, personal, and sensitive information of our patients here at UCSDHS. We adhere to the federal Health Insurance Portability and Accountability Act (HIPAA) law, which provides safeguards to protect health data integrity and confidentiality. As part of our dedication to protecting Patient Health Information (PHI), the privacy team regularly monitors and investigates reports of inappropriate data usage. Our privacy team is always available as a resource for privacy-related questions, training, and investigating privacy incidents.
What is Protected Health Information (PHI)?
Protected health information includes:
Information created or received by a health care provider or health plan that includes health information or health care payment information plus information that personally identifies the individual patient or plan member.
Personal identifiers include:
A patient's name and email, web site and home addresses; identifying numbers (including Social Security, medical records, insurance numbers, biomedical devices, vehicle identifiers and license numbers); full facial photos and other biometric identifiers; and dates (such as birth date, dates of admission and discharge, death).
Who has access to PHI?
The Health Insurance Portability and Accountability Act (HIPAA) requires hospitals and care providers to have written and specific authorization from an individual patient (or patient’s authorized personal representative) before using or disclosing the patient’s protected health information (PHI) for purposes other than for treatment, payment or healthcare operations, except as required by law. The individual has the right to withhold or revoke an authorization for release of PHI.
Health Insurance Portability and Accountability Act (HIPAA)
In May 2002, the Board of Regents designated the University of California as a HIPAA hybrid covered entity and determined that UC would be a Single Health Care Component for the purposes of complying with the HIPAA Rule. All of the entities at UC covered by the HIPAA Privacy and Security Rules — medical centers, medical clinics, health care providers, health plans, student health centers — are a single entity for purposes of compliance with HIPAA. However, the research function is excluded from HIPAA coverage at UC.
Accordingly, research health information that is not associated with a health care service is not subject to the HIPAA Privacy and Security Rules. Other state and federal laws govern privacy and confidentiality of personal health information obtained in research.
HIPAA regulations apply to employees, health care providers, trainees and volunteers at UC medical centers and affiliated health care sites or programs and employees who work with UC health plans. HIPAA regulations also apply to anyone who provides financial, legal, business, or administrative support to UC health care providers or health plans.
Visit the University of California, Office of the President (UCOP) website for more information on HIPAA at UC.