Privacy of Patient Records (HIPAA)

The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a United States federal law that protects the privacy of patient medical records. Patients have rights to:

Access and amend their medical records

Be notified of privacy practices of medical providers

Confidential communications with medical providers

File complaints regarding medical providers.

Penalty for Lack of Compliance

Failure to comply with HIPAA requirements and standards could result in fines of US$100 per violation.

Wrongful disclosure of individually identifiable health information could result in penalties of up to US$250,000 or 10 years in prison or both, depending on the conditions of the offense.

More Information

The information provided above is simplified to make HIPAA easier to understand. For more details, see Office for Civil Rights - HIPAA. For the full text of the act, see Public Law 104-191. Also: HIPAA at UCSF.

Training for Students

PharmD students are:

Provided with HIPAA training in their first year.

Presented during Orientation with our e-mail policy, which reminds students how to use our secure e-mail solution when sending patient information in e-mail.

Training for Employees

All University employees receive basic HIPAA training as part of the New Employee Orientation Program. See New Employees.

For Employees Only

If a Violation Occurred

If you know or suspect that a HIPAA violation occurred, immediately contact your supervisor to resolve the problem. If you're not satisfied with your supervisor's response, contact the Whistleblower Coordinator.

UCSF School of Pharmacy