Privacy Compliance

Under the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers are required to:

  • Provide the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduce health care fraud and abuse;
  • Meet industry-wide standards for healthcare information on electronic billing and other processes
  • Protect the confidentiality of personal health information

In practice, HIPAA requires UC Irvine Health to:

  • Implement privacy and security policies, including those for notifying patients of their privacy rights and implementing mechanisms for patients to exercise those rights — such as accessing and amending their records, and requesting an accounting of  disclosures of their health information
  • Provide education and training to all staff and faculty
  • Establish mechanisms to accept and follow up on patient and other privacy complaints
  • Take corrective action when needed and mitigate the impact to patients of any breaches of their privacy
  • Designate a privacy officer and a security officer who are responsible for implementation of the HIPAA regulations within a covered entity

To protect patient privacy, we conduct surveys to ensure that:

  • Paper and electronic records containing patient information are physically and electronically safeguarded
  • Patient information is disclosed only as permitted by law or as authorized by the patient
  • There is surveillance of appropriate access to electronic patient records

View forms and more information about specific UC Irvine Health privacy policies:

Authorizations & Consent

Business Associates


Health Information Management

Health Information Management provides the following services and administrative oversight for all inpatients, emergency room encounters and ambulatory surgery patients:

  • Retrieval, maintenance and security of hospital medical records
  • Assembly, analysis and coordination of completion of required documentation
  • Transcription of dictated reports, as required for record completion
  • ICD-9-CM, CPT coding of hospital inpatient and hospital-based outpatient visits, as well as hospital ancillary services provided in association with ambulatory clinic visits
  • Release of information/correspondence functions

Log onto Health Information Management Department (HIM) (Request access) ›

Guidance & Policies for Staff


Privacy Resources

Compliance Tips

View our latest tip sheets ›

(password protected)