Guidance and Policies

The following information will help guide you through your confidentiality questions as well as information on the UCLA Release of Information website.

Privacy and Security Guide for UCLA Workforce

• Office of the Governor Press Release re: AB211 & SB541 (09/30/08)
• A Health Care Provider's Guide To the HIPAA Privacy Rule
• A Patient's Guide To the HIPAA Privacy Rule

UCLA Health System Privacy Policies

Patient Privacy Rights

• HS 9401  Protection of Confidential Patient Information (Protected Health Information (PHI))
• HS 9410  Registration: Terms and Conditions of Service
• HS 9411  Notice of Privacy Practices
• HS 9412  Authorization for Use/Disclose of Protected Health Information (PHI)
• HS 9413  Requests to Access and Receive Copies of Patient Records in any Format, Including Electronic

PHI Management

• HS 9421 Employee Access to and Use of Protected Health Information (PHI) (Minimum Necessary Standard)

Privacy-Compliance

• HS 9430 Business Associates
• HS 9460  Privacy and Information Security Training
• HS 9490  Mitigation Policy

Privacy-Marketing, Fundraising & Media Relations

• HS 9470  Use of PHI for Marketing Purposes
• HS 9471  Use of PHI for Fundraising Purposes
• HS 9472  Permissible Disclosures of PHI to the Media and the Public

Research

• HS 9440 Release of PHI for Research Purposes

UCLA Health System Information Security Policies

• HS 9450  Information Security
• HS 9451  Use of Electronic Information by UCLA Health Workforce (Employees)
• HS 9452  User Accounts (Authorizing Access to Restricted Information; Passwords)
  • HS 9452 - Health Sciences Administrative Access Standard
  • HS 9452 - Health Sciences Multifactor Authentication Standard
• HS 9453-A  Use of Electronic Mail (Email)
• HS 9453-A Health Sciences Email Standard
• HS 9453-B  Facsimile Transmission of Restricted Information
• HS 9453-C  Device and Removable Media Encryption
  
  • HS 9453-C Health Sciences Device Encryption Standard
• HS 9453-D  Remote Access
  • HS 9453-D Health Sciences Remote Access Standard
• HS 9454  Requests to Interface or Download Restricted Information
• HS 9455  Security Assessment and Management
• HS 9456  Physical Security of Restricted Information
• HS 9457 - Minimum Security Standards
  • Health Sciences Data-in-Motion Encryption Standard
  • Health Sciences Data and System Integrity Standard
  • Health Sciences Device Configuration Standard
  • Health Sciences Network Device Configuration Standard
  • Health Sciences Risk Assessment Standard
  • Health Sciences Secure System Development Life Cycle (SDLC) Standard
  • Health Sciences Security Software Standard
  • Health Sciences Vulnerability Management Standard
  • Health Sciences Wireless Communications Standard 
• HS 9458  Backup and Contigency Plans (Disaster Recovery)
• HS 9459 Privacy and Information Security Incident Reporting
• HS 9461  Privacy and Information Security Sanction Policy
• HS 9462  Privacy and Information Security Monitoring and Auditing
• HS 9462 Health Sciences Privacy and Information Security Auditing and Monitoring Standard