Frequently Asked Questions

Information Security

Office of Compliance Services - Information Security

• What is the Office of Compliance Services – Information Security?

  The Office of Compliance Services – Information Security works with the UCLA Health System and the David Geffen School of Medicine to oversee compliance with applicable information security laws, regulations, policies and procedures. We help ensure that our workforce is protecting our sensitive and restricted information while maintaining the confidentiality, integrity and availability of electronic information and resources.

• How does the Office of Compliance Services – Information Security oversee information security compliance?

  A number of things we do:

  • Review and help revise the UCLA Health System policies, procedures and guidelines to define what information needs to be protected and how.
  • Develop educational materials and provide training.
  • Coordinate with ISS Risk Assessors to work with departments and business units to perform security assessments, evaluate risks, and develop remediation plans to reduce the risks.
  • Investigate security incidents
  • Perform auditing and monitoring of compliance with information security laws, regulations, policies and procedures

• How can Office of Compliance Services – Information Security help me safeguard my information?

  You may contact us for:

  • Advice on policies, regulations and laws relating to Information Security
  • Consulting help on how to ensure new projects and purchases are compliant with requirements
  • Suspected security incidents or breaches
  • Any questions you may have on Information Security

• I’m considering buying a new product or service – should I contact the Office of Compliance Services?

  If the product or service will transmit or store Restricted Information, please contact us by emailing InfoSecAll@mednet.ucla.edu. We can help ensure the product or service is in compliance with UCLA Health’s policies.

• When should I contact the Office of Compliance Services when buying a new product or service?

  It is best to contact the Office of Compliance Services as early as possible in the process, preferably before any contracts or agreements are signed.

• How do I contact Office of Compliance Services – Information Security?

  You may contact us by phone at (310) 794-8638 or email PrivacyInfoSec@mednet.ucla.edu.

  You may also contact us individually:
  Ann Chang, Chief Information Security Officer, AChang@mednet.ucla.edu, x46761
  Armando French, Security Analyst, ArmandoFrench@mednet.ucla.edu, x48284
  Leon Chen, Security Analyst, LZChen@mednet.ucla.edu, x46746

See more frequently asked questions >>