UC HIPAA Privacy Official Job Responsibilities

HIPAA requires The University of California, as Single Health Care Component (SHCC) covered entity, to designate a Privacy Officer for the SHCC. The Privacy Officer also serves as the University's contact person and contact office. The responsibilities of the University's HIPAA Privacy Officer include:

1. Provide accountability at the highest level of the University for all matters relating to the University's compliance with HIPAA as a SHCC, including documentation and reporting requirements of the campus Privacy Liaisons and/or Privacy Officers and, in consultation with the System HIPAA Taskforce, develop mechanisms that provide assurance to the Board of Regents that the Privacy Rule required documentation is accomplished and maintained by the appropriate covered entities within the SHCC and at the system level;
2. Provide documentation of the designation of all covered institutions within the SHCC;
3. Document the personnel designations for all covered institutions within the SHCC as required by the Privacy Rule and maintain copies of the job descriptions, contact numbers and addresses for all University HIPAA Privacy and Security Officials or Officers and Liaisons;
4. Maintain records of the University HIPAA Privacy Officer's job description, location of the system Privacy office or contact person and comparable documentation for each of the ten campuses' and the five academic health center Privacy Officers, Liaisons, Office and contact person (s);
5. Oversee all ongoing activities related to the development, implementation, maintenance of and adherence to UC's policies and procedures covering the privacy of and access to patient health information in compliance with the Privacy Rule;
6. Serve as the SHCC's contact person responsible for receiving complaints and providing information regarding the SHCC's HIPAA privacy practices as described in the SHCC's Notice of Privacy Practices;
7. Maintain current knowledge of applicable federal and state privacy laws and coordinate with other UC divisions regarding federal and state laws and the institution's privacy practices that may impact the University's compliance with the Privacy Rule;
8. Modify and update all Privacy Rule policies and the Notice, in consultation with the Office of the General Counsel and System HIPAA Taskforce, if required by changes in federal or State law or as needed to respond to UC policy changes;
9. Coordinate with system or local Compliance Officers, the Office of the General Counsel, Office of Risk Management, the University Auditor, campus Privacy Officers and Liaisons and others as necessary to provide a response to individual complaints, identify and mitigate potential violations and apply and document appropriate sanctions for failures by the workforce to comply with the Privacy Rule and the System HIPAA Standards and Implementation Policies and local policies and procedures;
10. In coordination with the HIPAA Taskforce, develop a process for using complaints as evaluative and improvement tools;
11. Develop, in coordination and consultation with the System HIPAA Taskforce, workforce training and develop a process to provide assurance to the Board of Regents that required training and documentation have been met;
12. Maintain records of HIPAA education materials developed and implemented by the University's HIPAA Taskforce;
13. Cooperate with complaint investigations and compliance reviews;
14. Permit access to information as required by DHHS and permitted under the Privacy Rule;
15. Where applicable, organize, manage and staff a HIPAA Privacy Office and the HIPAA Taskforce; and
16. Report, as appropriate, at the local and system level to executive management and to the Board of Regents as required by local or system policy.