Human Resources - HIPAA

Human Resources - HIPAA Information

Health Insurance Portability and Accountability Act (HIPAA)

Overview for UCSF Helen Diller Family Comprehensive Cancer Center Employees


Reference Documentation

(Training Module)

Complete either the Basic or Advanced HIPAA training module at the URL above.  Choose the Basic module if you know for certain you do not have a need to access patient, financial, personnel, or confidential data.  Otherwise, you must take the Advanced module training.  Download, complete, and send your completion certification to the Cancer Center’s Human Resources unit.  Be sure to indicate which module you completed.

Some critical points from the Security of Electronic Information training modules:

  1. You are personally responsible for protecting PHI, ePHI, personal identifiers, and confidential information.  Failure to protect this information can result in both civil and criminal penalties.
  2. Protect your workstation by:
    • Logging off after each use, or when you’ll be away from your desk for an extended amount of time;
    • Not sharing passwords, and using the strong password guidelines for creating your passwords;
    • Not disabling the regularly scheduled anti-virus update scans;
    • Not using unlicensed software on your workstation, or installing personal software onto a UCSF computer.


  3. Report any suspected or known security incident, theft or loss to the CC Computer Support Services group (415.476.6604) as soon as you become aware of the compromise.


  4. Email is never 100% secure.  If you must email confidential information, include only the minimum amount necessary that will properly convey the meaning of your message.
    • Never send confidential information from a non-UCSF email account.
    • Likewise, never forward confidential information to a non-UCSF email account.


  5. Register all mobile devices (laptops, PDAs, BlackBerrys; UCSF or personal) with the CSS group, especially if it is possible that they may contain confidential information.  In the event that your mobile device is lost or stolen (and reported immediately), you will have taken the proper steps to reduce your personal liability.


  6. When using your wireless device or a non-UCSF computer, access CC servers through a VPN account. Call 415.514.4100 to request a VPN account.

If you have any supervisory responsibility or responsibility to request computer access for employees, please heed the following:

  1. You are required to use Account Creation, Account Termination, and/or Request for Access to Sensitive Data forms for computer and/or data access. You must retain a record of all requests that you make using these forms.  Likewise, the access granting group must retain records of these requests. Records must be retained in both places.


  2. When creating a job position, you must indicate on the pertinent forms whether or not the position will require access to confidential information. You must retain records of these job position forms; obviously, HR will have records of these, too.  Records must be retained in both places.