UC San Diego Health Sciences’ Office of Compliance and Privacy is committed to protecting the medical, personal, and sensitive information of UC San Diego Health Sciences’ patients. UC San Diego Health Sciences adheres to the Health Insurance Portability and Accountability Act (HIPAA) and is dedicated to safeguarding patient Protected Health Information (PHI). The UC San Diego Health Sciences’ privacy team regularly monitors appropriate PHI usage, and the team is always available as a resource for privacy-related questions and trainings and to investigate reports of privacy violations.
Health Insurance Portability and Accountability Act (HIPAA)
In May 2002, the Board of Regents designated the University of California as a HIPAA hybrid covered entity and determined that UC would be a Single Health Care Component for the purposes of complying with the HIPAA Rule. All of the entities at UC that are covered by the HIPAA Privacy and Security Rules (medical centers, medical clinics, health care providers, health plans, student health centers) are a single entity for purposes of compliance with HIPAA. However, the research function is excluded from HIPAA coverage at UC.
Accordingly, research health information that is not associated with a health care service is not subject to the HIPAA Privacy and Security Rules. Other state and federal laws govern privacy and confidentiality of personal health information obtained in research.
HIPAA regulations apply to employees, health care providers, trainees and volunteers at UC medical centers and affiliated health care sites or programs and employees who work with UC health plans. HIPAA regulations also apply to anyone who provides financial, legal, business, or administrative support to UC health care providers or health plans.
Visit the University of California, Office of the President (UCOP) HIPAA website for more information on HIPAA at UC.
Protected Health Information (PHI)
PHI is information created or received by a health care provider or health plan that includes health information or health care payment information plus information that personally identifies the individual patient or plan member. PHI identifiers include a patient's name, email, home address, identifying numbers (including Social Security, medical records, insurance numbers, biomedical devices, vehicle identifiers and license numbers), full facial photos, other biometric identifiers, and dates (such as birth date, dates of admission and discharge, death).
The HIPAA Privacy Rule provides Federal protections for PHI held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of PHI needed for patient care and other important purposes. HIPAA requires hospitals and care providers to have written and specific authorization from an individual patient (or patient's authorized personal representative) before using or disclosing the patient's PHI for purposes other than for treatment, payment or healthcare operations, except as required by law. Patients have the right to withhold or revoke an authorization for release of PHI.
The Office for Civil Rights (OCR) will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking, as required by the Administrative Procedure Act. These provisions include: business associate liability; new limitations on the sale of protected health information, marketing, and fundraising communications; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information.
The California Confidentiality of Medical Information Act (CMIA) authorizes a provider of health care to disclose medical information, without first obtaining authorization, to a local health department for the purpose of preventing or controlling disease, including for the purpose of public health interventions. (CA Civil Code §56.10(c)(18).)
The California Department of Public Health (CDPH) works to protect the public's health and helps shape positive health outcomes for individuals, families and communities. Effective January 1, 2015, pursuant to AB 1755 (Chapter 412, Statutes of 2014), specified health care providers must report a breach of medical information to CDPH and the affected patient.
California Prison Industry Association (CALPIA) is committed to promoting and protecting the privacy rights of individuals as enumerated in Article 1 of the California Constitution, the Information Practices Act (IPA) of 1977, and other relevant state and federal laws. CALPIA limits the collection of personal information and safeguards the privacy of personal information collected and/or maintained. CALPIA information management practices regarding personal information collected and managed conform to the requirements of, and are subject to, the limitations found under the following laws, rules, and regulations: the IPA (Civil Code Section 1798 – 1798.78), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, Article 5 (commencing at Section 350.02) of Title 13 of the California Code of Regulations, and other applicable laws pertaining to information privacy.