Responsibilities of UC's HIPAA Single Health Care Component (SHCC) Campus Privacy Liaisons and Academic Health Center Privacy Officers

The HIPAA Taskforce recommends that each chancellor designate one or more individuals responsible for carrying out the following responsibilities in coordination with the efforts of the Systemwide HIPAA Taskforce and University's HIPAA Privacy Officer:

  1. Provide accountability to the campus Chancellor and/or academic health center leadership regarding the University's Single Health Care Component's compliance with HIPAA and report at the local and system level to executive management and others as required by local or system policy;
  2. Manage the development and implementation of campus or academic health center policies and procedures necessary for carrying out the requirements of the HIPAA System Policies and the Privacy Rule and the education of the campus workforce with respect to the Privacy Rule;
  3. Develop campus or academic health center policies and a process to provide for required workforce training, documentation of the training in written or electronic form and retention of training records for at least six years:
    1. Certify on an annual basis to the HIPAA Taskforce and University Privacy Officer that required workforce training and documentation standards have been met;
    2. Documentation, at a minimum, must be either by individual, workforce category, or department or division;
  4. Serve as the campus or academic health center liaison (s) to the University's HIPAA Taskforce;
  5. Serve as the campus or academic health center individual (s) responsible for assuring that HIPAA required mitigation, complaint, and sanction standards and policies are implemented and documented;
  6. Serve as the campus or academic health center contact person (s) responsible for determining what office or individual (s) will receive complaints and provide information regarding the campus's HIPAA privacy practices;
    1. Cooperate with complaint investigations and compliance reviews;
    2. Permit access to information as required by DHHS and permitted under the Privacy Rule;
    3. In coordination with the HIPAA Taskforce, determine who will access complaint information and for what purposes in order to use complaints as evaluative and improvement tools;
  7. Modify and update all Privacy Rule policies and the Notice as determined by the System HIPAA Taskforce and required by changes in federal or State law or as needed to respond to UC policy changes;
  8. Assure that the Privacy Rule required documentation is accomplished and records maintained by the campus or academic health center and provide certification to the Board of Regents or management as required in local or system policy; and
  9. Maintain records of the campus or academic health center's Privacy Officer or Liaison's job description and, where appropriate, location of the Privacy office or contact person.