UCSF Launches New Privacy and Information Security Training Program

UCSF Medical Center and the School of Medicine are launching a new online Privacy and Information Security training program as part of the University’s commitment to protect confidential information and in response to new state and federal laws.

UCSF, a national leader in patient care, health sciences research and teaching, is committed to protecting medical, personal and sensitive data of all types — whether it’s information about patients, employees, students, donors or research subjects.

The online training program will be required for anyone who uses, sees or hears protected health information (PHI), according to Mark Laret, chief executive officer of UCSF Medical Center, and Sam Hawgood, MBBS, dean of the UCSF School of Medicine.

Laret and Hawgood introduced the training program in an email to the UCSF community last week. “Because we consider this information critical to the organization, we are requiring every member of UCSF Medical Center and the School of Medicine who may use, see or hear protected health information (PHI) to complete the training module. This includes faculty, staff, residents, fellows, students and volunteers.”

The online training program will help members of the UCSF community understand the importance of protecting PHI and the high stakes involved for the institution and individuals in case of a security breach.

Strengthening Privacy Rules


Kathleen Sebelius, US Department of Health and Human Services (HHS) secretary, in July announced important new rules and resources to strengthen the privacy of PHI as the use of electronic medical records and technology expands to drive improvements in the quality and effectiveness of the nation’s health care system.

Led by the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR), HHS is working with public and private institutions to ensure that Americans can trust that their health information is protected and secure.

“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers,” said Sebelius. “While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work.”

UCSF’s new Privacy and Information Security training program incorporates recent changes in the state privacy laws and the new federal Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act, and builds upon the 1996 Health Insurance Portability and Accountability Act (HIPAA).

Signed into law by President Obama in February 2009, HITECH imposes more stringent regulatory requirements under the security and privacy rules of HIPAA, increases civil penalties for a violation of HIPAA, provides funding for hospitals and physicians for the adoption of health information technology, and requires notification to patients of a security breach. These broad new requirements necessitate compliance by covered entities, business associates and related vendors in the health care industry.

The online training program will help to ensure that all UCSF workforce members fully understand:

  • What is considered PHI under state and federal law

  • UCSF’s best practices, systems and high standards of behavior

  • The severe consequences, which impact both individuals and UCSF as an organization, if there is a breach of PHI.

The new training module is available online on the UC Learning Center website.

The goal is for all UCSF workforce members to complete this 20-minute training by December 31, 2010. Participation will be tracked during the next three months.

“UCSF Medical Center, the School of Medicine and our patients depend on you to be knowledgeable and professional in the handling of confidential information,” Laret and Hawgood wrote in the recent email. “Your support of this initiative is greatly appreciated.”

Related Links:


UCSF Privacy and Confidentiality website

The Office of the National Coordinator for Health Information Technology

UCSF Implements Data Security Awareness Campaign
UCSF Today, May 18, 2009