Health Insurance Portability & Accountability Act of 1996 (HIPAA)

The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a United States federal law that protects the privacy of patient medical records.

Penalty for Lack of Compliance

Penalties imposed by HIPAA vary depending on the circumstances of the violations, but they include:

fines of US$100 per violation
additional penalties of up to $250,000
up to 10 years in prison.

More Information

The information provided above is simplified to make HIPAA easier to understand. For more details, see Office for Civil Rights - HIPAA. For the full text of the act, see Public Law 104-191. Also: HIPAA at UCSF.

Go To: Privacy of Patient Medical Records

Training for Students

PharmD students are:

Provided with HIPAA training in their first year.
Presented during Orientation with our e-mail policy, which reminds students that they must use secure e-mail when sending patient information in e-mail.

Training for Employees

All University employees receive basic HIPAA training as part of the New Employee Orientation Program. See New Employees.

For Employees Only

If a Violation Occurred

If you know or suspect that a HIPAA violation occurred, immediately contact your supervisor to resolve the problem. If you're not satisfied with your supervisor's response, contact the Whistleblower coordinator.