HIPAA Security Compliance

The HIPAA Security Rule, effective April 20, 2005, requires that workforce members adhere to controls and safeguards to: (1) ensure the confidentiality, integrity and availability of confidential information; and (2) detect and prevent reasonably anticipated errors and threats due to malicious or criminal actions, system failure, natural disasters and employee or user error.

Such events could result in damage to or loss of personal information, corruption or loss of data integrity, interruption of University activities, or compromise to the privacy of the University patients or employees and its records.

Security resources

UC Campus and Academic Health Center Security Liaisons

All UC campuses have appointed a HIPAA Security Officer. The Security Officer is the local campus administrative resource for implementation of the HIPAA Security Rule.

UC Berkeley Allison Henry, Chief Information Security Officer
UC Davis Cheryl Washington, Chief Information Security Officer
UC Davis Health System Lee Smith, IT Security Operations Manager
UC Irvine Health System Sriram BharadwajDirector, Information Services & CISO
UCLA Michael Van NormanChief Information Security Officer
UCLA Health Services Ann S. Chang, CISSP, Information Security Officer
UC Merced Nick Dugan, Chief Information Security Officer
UC Office of the President Monte RatzlaffCyber-Risk Program Manager
UC Riverside Campus (School of Medicine) Shawn Kelly, Information Security Officer
UC Riverside Student Health John Virden, Chief Information Security Officer
UC San Diego Academic Health Center Chris Longhurst, MD, Chief Information Officer
UC San Francisco Patrick Phelan, Information Security Officer
UC Santa Barbara Sam Horowitz, Chief Information Security Officer
UC Santa Cruz Byron Walker, Chief Information Security Officer
Lawrence Berkeley National Lab Denise Sumikawa, Cyber Security Officer, Information Technology Division

(back to top)

UC Guidelines for HIPAA Security Rule Compliance (pdf)

This document is intended to assist UC campus and medical center directors and managers to determine the implementation of practices to achieve compliance with the HIPAA Security Rule. It includes an appendix that serves as a snapshot of the HIPAA security regulations.

(back to top)

Educational modules

PowerPoint presentations have been developed as templates to facilitate staff training on the specifics of the security rule.

The educational module available with this link is a generic PowerPoint presentation that is designed to be customized at the campus level.

(back to top)