Privacy of Patient Medical Records

The following United States and California laws protect the privacy of patient medical records:

• United States Health Insurance Portability & Accountability Act of 1996 (HIPAA)
• California Assembly Bill 211 (AB 211)
• California Senate Bill 541 (SB 541)

Penalty for Lack of Compliance

Students, faculty, and staff must observe these laws both as individuals and as representatives of UCSF. Failure to do so can result in fines, penalties, and sanctions imposed upon the institution. Additionally, individuals involved in a violation can be subject to fines, disciplinary actions, and termination of employment.

Your Responsibilities

If you access protected health information (PHI) or personally identifiable information (PII), you must:

1. Access, use, and disclose only the information necessary.
2. Use encryption and other safeguards to protect verbal, written, and electronic health information.
3. Use the secure e-mail system when communicating ePHI.
4. Dispose of health information appropriately.
5. De-identify information whenever possible.
6. Keep your accounts secure.
7. Immediately report incidents to:
   1. UCSF Police (415/476-1414)
   2. UCSF Privacy Office (415/353-2750).

Training

All student pharmacists and University employees receive training regarding these privacy laws.

Go To: About Privacy