Guidance and Policies

The following information will help guide you through your confidentiality questions as well as information on the UCLA Release of Information website.

Privacy and Security Guide for UCLA Workforce

• Office of the Governor Press Release re: AB211 & SB541 (09/30/08)
• A Health Care Provider's Guide To the HIPAA Privacy Rule
• A Patient's Guide To the HIPAA Privacy Rule
  

UCLA Health System Privacy Policies

Patient Privacy Rights

• HS 9401  Protection of Confidential Patient Information (Protected Health Information (PHI))
• HS 9410  Registration: Terms and Conditions of Service
• HS 9411  Notice of Privacy Practices
• HS 9412  Authorization for Use/Disclose of Protected Health Information (PHI)
• HS 9413  Patient Access to Protected Health Information (PHI)
• HS 9414  Request for Special Restrictions on Use/ Disclosure of (PHI)
• HS 9415  Request for Amendment of Protected Health Information (PHI)
• HS 9416  Request for Accounting of Disclosures
• HS 9417  Management of Patient / Family / Visitor Complaints and Grievances

PHI Management

• HS 9420  Medical Records
• HS 9421  Employee Access to and Use of Protected Health Information (PHI) (Minimum Necessary Standard)
• HS 9422  Disclosure of Protected Health Information to Third Parties
• HS 9423  Records Retention
• HS 9424  Records Storage and Destruction

Privacy-Compliance

• HS 9430  Business Associates
• HS 9460  Privacy and Information Security Training
• HS 9490  Mitigation Policy

Visitor Policy

• Clinical Observers and Shadowers
  • For access to the forms and/or addendums listed in the policy, please contact LilyZhang@mednet.ucla.edu

Privacy-Marketing, Fundraising & Media Relations

• HS 9470  Use of PHI for Marketing Purposes
• HS 9471  Use of PHI for Fundraising
• HS 9472  Permissible Disclosures of PHI to the Public and the Media

Research

• HS 9440  Release of PHI for Research Purposes

UCLA Health System Information Security Policies

• HS 9450  Information Security
• HS 9451  Use of Electronic Information by UCLA Health Workforce (Employees)
• HS 9452  User Accounts (Authorizing Access to Restricted Information; Passwords)
  • HS 9452 - Health Sciences Administrative Access Standard
  • HS 9452 - Health Sciences Multifactor Authentication Standard
• HS 9453-A  Use of Electronic Mail (Email)
• HS 9453-A Health Sciences Email Standard
• HS 9453-B  Facsimile Transmission of Restricted Information
• HS 9453-C  Device and Removable Media Encryption
  
  • HS 9453-C Health Sciences Device Encryption Standard
• HS 9453-D  Remote Access
  • HS 9453-D Health Sciences Remote Access Standard
• HS 9454  Requests to Interface or Download Restricted Information
• HS 9455  Security Assessment and Management
• HS 9456  Physical Security of Restricted Information
• HS 9457  Minimum Security Standards for Network Devices
• HS 9458  Backup and Contigency Plans (Disaster Recovery)
• HS 9459  Privacy and Information Security Incident Reporting
• HS 9461  Privacy and Information Security Sanction Policy
• HS 9462  Privacy and Information Security Monitoring and Auditing