WebbannersHRsite1506296

Privacy Compliance

Under the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers are required to:

  • Provide the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduce health care fraud and abuse;
  • Meet industry-wide standards for healthcare information on electronic billing and other processes
  • Protect the confidentiality of personal health information

In practice, HIPAA requires UC Irvine Health to:

  • Implement privacy and security policies, including those for notifying patients of their privacy rights and implementing mechanisms for patients to exercise those rights — such as accessing and amending their records, and requesting an accounting of  disclosures of their health information
  • Provide education and training to all staff and faculty
  • Establish mechanisms to accept and follow up on patient and other privacy complaints
  • Take corrective action when needed and mitigate the impact to patients of any breaches of their privacy
  • Designate a privacy officer and a security officer who are responsible for implementation of the HIPAA regulations within a covered entity

To protect patient privacy, we conduct surveys to ensure that:

  • Paper and electronic records containing patient information are physically and electronically safeguarded
  • Patient information is disclosed only as permitted by law or as authorized by the patient
  • There is surveillance of appropriate access to electronic patient records

View forms and more information about specific UC Irvine Health privacy policies *:


* UC Irvine Health credentials are required to view some of these forms.

Authorizations & Consent

Business Associates

The Privacy Rule requires UC Irvine Health to enter into a confidentiality agreement with certain third parties when UC Irvine Health shares PHI with the third party (e.g., non-health care providers) for the purposes of treatment, payment or healthcare operations. This is called a business associate agreement ("BAA").

A business associate relationship exists when an individual or entity, acting on behalf of UC Irvine Health, assists in the performance of a function or activity involving the use or disclosure of UC Irvine Health's PHI. The UC Irvine Purchasing Department is responsible for completing the University's HIPAA-compliant Business Associates Agreement (BAA) with outside vendors that provide goods or services to UC Irvine Health. 

Confidentiality

Health Information Management

Health Information Management provides the following services and administrative oversight for all inpatients, emergency room encounters and ambulatory surgery patients:

  • Retrieval, maintenance and security of hospital medical records
  • Assembly, analysis and coordination of completion of required documentation
  • Transcription of dictated reports, as required for record completion
  • ICD-9-CM, CPT coding of hospital inpatient and hospital-based outpatient visits, as well as hospital ancillary services provided in association with ambulatory clinic visits
  • Release of information/correspondence functions

Log onto Health Information Management Department (HIM) (Request access) ›

Guidance & Policies for Staff

HIPAA

Privacy Resources

Compliance Tips

View our latest tip sheets ›

(password protected)