Skip to main content
Compliance Program

Compliance Program

Standard 5 — Respect of Confidentiality

All efforts will be made to protect personal and confidential or privileged information concerning the academic health center and health system's patients and the respective health care practices of those entities.  The University personnel will abide by applicable state and federal laws, including HIPAA privacy and security regulations.

  • University personnel shall not disclose confidential patient information unless authorized by the patient and/or when authorized by law. Approval for appropriate use of patient information for research purposes must be obtained from the Institutional Review Board.

  • Confidential patient information should only be discussed with or disclosed to appropriate University personnel as permitted by HIPAA policies.

  • Confidential patient information should not be discussed with or disclosed to non-University personnel unless authorized by the patient or permitted by law.  Non-University personnel include the family or business and social acquaintances of the patient or of University personnel, customers, suppliers, or others.

  • In general, patients can request and are entitled to receive copies or summaries of their records with the exception of non-emancipated minors, some mental health patients, and patients being treated for alcohol and drug abuse, who may be provided with copies of the records if it is appropriate as judged by their clinician.

  • Some information may be sought under the California Public Records Act, the Information Practices Act, or other statutes requiring the release of information.

  • University personnel who have any questions regarding patient confidentiality should refer to University policies for additional information and consult with appropriate supervisor, manager, the Compliance Office, or the Privacy Officer.

  • University personnel shall not reveal or disclose confidential medical staff or peer review information.  California and federal law bestows certain privileges and provides for confidentiality of certain records including the proceedings and records or organized committees of the medical staff and peer review bodies.

  • University personnel shall not reveal or disclose proprietary or trade secret information to unauthorized non-University persons.  Proprietary information may relate to University business affairs or the affairs of a vendor or contractor.

  • Personnel records are considered confidential.  Access to personnel files is limited to management, the human resources department staff, and internal auditors, and these individuals are held accountable for protecting the privacy of personnel records.