Privacy Compliance

Under the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers are required to:

  • Provide the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduce health care fraud and abuse;
  • Meet industry-wide standards for healthcare information on electronic billing and other processes;
  • Protect the confidentiality of personal health information.

In practice, HIPAA requires UCI Health to:

  • Implement privacy and security policies, including those for notifying patients of their privacy rights and implementing mechanisms for patients to exercise those rights — such as accessing and amending their records, and requesting an accounting of disclosures of their health information
  • Provide education and training to all staff and faculty
  • Establish mechanisms to accept and follow up on patient and other privacy complaints
  • Take corrective action when needed and mitigate the impact to patients of any breaches of their privacy
  • Designate a privacy officer and a security officer who are responsible for implementation of the HIPAA regulations within a covered entity

To protect patient privacy, we conduct surveys to ensure that:

  • Paper and electronic records containing patient information are physically and electronically safeguarded
  • Patient information is disclosed only as permitted by law or as authorized by the patient
  • Access to electronic patient records is monitored to confirm that it is appropriate

View forms and more information about specific UCI Health privacy policies *:

* UCI Health credentials are required to view some of these forms.

Authorizations & Consent

Business Associates

The Privacy Rule requires UCI Health to enter into a confidentiality agreement with certain third parties when UCI Health shares PHI with the third party (e.g., non-health care providers) for the purposes of treatment, payment or healthcare operations. This is called a business associate agreement ("BAA").

A business associate relationship exists when an individual or entity, acting on behalf of UCI Health, assists in the performance of a function or activity involving the use or disclosure of UCI Health's PHI. The UC Irvine Purchasing Department is responsible for completing the University's HIPAA-compliant Business Associates Agreement (BAA) with outside vendors that provide goods or services to UCI Health. 


Guidance & Policies for Staff

Health Information Management

Health Information Management provides the following services and administrative oversight for all inpatients, emergency room encounters and ambulatory surgery patients:

  • Retrieval, maintenance and security of hospital medical records
  • Assembly, analysis and coordination of completion of required documentation
  • Transcription of dictated reports, as required for record completion
  • ICD-9-CM, CPT coding of hospital inpatient and hospital-based outpatient visits, as well as hospital ancillary services provided in association with ambulatory clinic visits
  • Release of information/correspondence functions

Log onto Health Information Management Department (HIM) (Request access) ›


Privacy Resources

Confidential Messages

Call 888-456-7006 or email


Notice of Privacy Practice

View the UCI Health Notice of Privacy Practice in English or in Spanish.

Compliance Tips

View our latest tip sheets ›

(password protected)

Compliance Week 2019

We will celebrate Compliance & Ethics Week Nov. 3-9, 2019.

Compliance Contacts

Chief Compliance & Privacy Officer

Deputy Compliance Officer

Compliance and Privacy Office