UCI Health will see you now: Welcome to our new co-workers and patients from Fountain Valley, Lakewood, Los Alamitos and Placentia Linda! 


Privacy Compliance

Under the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers are required to:

  • Provide the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduce health care fraud and abuse;
  • Meet industry-wide standards for healthcare information on electronic billing and other processes
  • Protect the confidentiality of personal health information

In practice, HIPAA requires UCI Health to:

  • Implement privacy and security policies, including those for notifying patients of their privacy rights and implementing mechanisms for patients to exercise those rights — such as accessing and amending their records, and requesting an accounting of  disclosures of their health information
  • Provide education and training to all staff and faculty
  • Establish mechanisms to accept and follow up on patient and other privacy complaints
  • Take corrective action when needed and mitigate the impact to patients of any breaches of their privacy
  • Designate a privacy officer and a security officer who are responsible for implementation of the HIPAA regulations within a covered entity

To protect patient privacy, we conduct surveys to ensure that:

  • Paper and electronic records containing patient information are physically and electronically safeguarded
  • Patient information is disclosed only as permitted by law or as authorized by the patient
  • There is surveillance of appropriate access to electronic patient records

View forms and more information about specific UCI Health privacy policies *:

* UCI Health credentials are required to view some of these forms.

Authorizations & Consent

Business Associates

The Privacy Rule requires UCI Health to enter into a confidentiality agreement with certain third parties when UCI Health shares PHI with the third party (e.g., non-health care providers) for the purposes of treatment, payment or healthcare operations. This is called a business associate agreement ("BAA").

A business associate relationship exists when an individual or entity, acting on behalf of UCI Health, assists in the performance of a function or activity involving the use or disclosure of UCI Health's PHI. The UC Irvine Purchasing Department is responsible for completing the University's HIPAA-compliant Business Associates Agreement (BAA) with outside vendors that provide goods or services to UCI Health. 


Guidance & Policies for Staff

Health Information Management

Health Information Management provides the following services and administrative oversight for all inpatients, emergency room encounters and ambulatory surgery patients:

  • Retrieval, maintenance and security of hospital medical records
  • Assembly, analysis and coordination of completion of required documentation
  • Transcription of dictated reports, as required for record completion
  • ICD-9-CM, CPT coding of hospital inpatient and hospital-based outpatient visits, as well as hospital ancillary services provided in association with ambulatory clinic visits
  • Release of information/correspondence functions

Log onto Health Information Management Department (HIM) (Request access) ›


Privacy Resources

Confidential Messages

Call 888-456-7006 or email


In this Section

Compliance Contacts

Chief Compliance & Privacy Officer

Deputy Compliance Officer

Compliance and Privacy Office

Notice of Privacy Practice

View the UCI Health Notice of Privacy Practice in English or in Spanish.

Compliance Tips

View our latest tip sheets ›

(password protected)

Compliance Week 2019

We will celebrate Compliance & Ethics Week Nov. 3-9, 2019.