Guidance and Policies

The following information will help guide you through your confidentiality questions as well as information on the UCLA Release of Information website.

Privacy and Security Guide for UCLA Workforce

• Office of the Governor Press Release re: AB211 & SB541 (09/30/08)
• A Health Care Provider's Guide To the HIPAA Privacy Rule
• A Patient's Guide To the HIPAA Privacy Rule
  

UCLA Health System Privacy Policies

Patient Privacy Rights

• HS 9401  Protection of Confidential Patient Information (Protected Health Information (PHI))
• HS 9410  Registration: Terms and Conditions of Service
• HS 9411  Notice of Privacy Practices
• HS 9412  Authorization for Use/Disclose of Protected Health Information (PHI)
• HS 9413  Patient Access to Protected Health Information (PHI)
• HS 9414  Request for Special Restrictions on Use/ Disclosure of (PHI)
• HS 9415  Request for Amendment of Protected Health Information (PHI)
• HS 9416  Request for Accounting of Disclosures
• HS 9417  Management of Patient / Family / Visitor Complaints and Grievances

PHI Management

• HS 9421  Employee Access to and Use of Protected Health Information (PHI) (Minimum Necessary Standard)
• HS 9422  Disclosure of Protected Health Information to Third Parties

Privacy-Compliance

• HS 9430 Business Associates 
• HS 9460  Privacy and Information Security Training
• HS 9490  Mitigation Policy

Visitor Policy

• Clinical Observers and Shadowers
  • For access to the forms and/or addendums listed in the policy, please contact LilyZhang@mednet.ucla.edu

Privacy-Marketing, Fundraising & Media Relations

• HS 9470  Use of PHI for Marketing Purposes
• HS 9471  Use of PHI for Fundraising
• HS 9472  Permissible Disclosures of PHI to the Public and the Media

Research

• HS 9440  Release of PHI for Research Purposes

UCLA Health System Information Security Policies

• HS 9450  Information Security
• HS 9451  Use of Electronic Information by UCLA Health Workforce (Employees)
• HS 9452  User Accounts (Authorizing Access to Restricted Information; Passwords)
  • HS 9452 - Health Sciences Administrative Access Standard
  • HS 9452 - Health Sciences Multifactor Authentication Standard
• HS 9453-A  Use of Electronic Mail (Email)
• HS 9453-A Health Sciences Email Standard
• HS 9453-B  Facsimile Transmission of Restricted Information
• HS 9453-C  Device and Removable Media Encryption
  
  • HS 9453-C Health Sciences Device Encryption Standard
• HS 9453-D  Remote Access
  • HS 9453-D Health Sciences Remote Access Standard
• HS 9454  Requests to Interface or Download Restricted Information
• HS 9455  Security Assessment and Management
• HS 9456  Physical Security of Restricted Information
• HS 9457 - Minimum Security Standards
  • Health Sciences Data-in-Motion Encryption Standard
  • Health Sciences Data and System Integrity Standard
  • Health Sciences Device Configuration Standard 
  • Health Sciences Network Device Configuration Standard
  • Health Sciences Risk Assessment Standard
  • Health Sciences Security Software Standard 
  • Health Sciences Vulnerability Management Standard
  • Health Sciences Wireless Communications Standard 
• HS 9458  Backup and Contigency Plans (Disaster Recovery)
• HS 9459  Privacy and Information Security Incident Reporting
• HS 9461  Privacy and Information Security Sanction Policy
• HS 9462  Privacy and Information Security Monitoring and Auditing
• HS 9462 Health Sciences Privacy and Information Security Auditing and Monitoring Standard