Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Board of Regents has designated the University of California as a HIPAA hybrid covered entity. The university is a Single Health Care Component for the purposes of complying with the HIPAA Rule. All of the entities at UC covered by the HIPAA Privacy and Security Rules — medical centers, medical clinics, health care providers, health plans, student health centers — are a single entity for purposes of compliance with HIPAA.

Medical research, however, is excluded from HIPAA coverage at UC. As such, research health information that is not associated with a health care service is not subject to the HIPAA Privacy Rule. Other state and federal laws govern privacy and confidentiality of personal health information obtained in research. More detailed information regarding HIPAA and research privacy policies at UC Davis Health is available on the Research Compliance Policies, Resources, and References page.

For future information please see the US Department of Health and Human Services HIPAA informational pages.

The Privacy Rule

The HIPAA Privacy Rule created federal standards to protect individuals’ medical records and protected health information (PHI). These standards apply to health plans and health care providers that conduct certain electronic health care transactions.  The Privacy Rule requires reasonable safeguards to protect the privacy of PHI, and limits the types of use and disclosures that may be made regarding such information without patient authorization. The Privacy Rule also gives patients rights over their health information, including the right to examine, obtain a copy of their health records, and to request corrections.

The UC Davis Health Notice of Privacy Practices details patient privacy rights and how patient medical information is used and disclosed at UCD Health.

UC Davis Health patients can request copies or changes of their medical records from the Health Information Management Department (HIM).

More information on both HIPAA for individuals and patients and HIPAA for health care providers and professionals is available from the U.S. Department of Health & Human Services.

Who is subject to HIPAA at UC?

HIPAA regulations apply to employees, health care providers, trainees and volunteers at UC medical centers and affiliated health care sites or programs and employees who work with UC health plans. HIPAA regulations also apply to anyone who provides financial, legal, business, or administrative support to UC health care providers or health plans.

Visit the University of California, Office of the President (UCOP) website for more information on HIPAA at UC.