education & training
Staff/ Postdocs Training
Faculty Training
House Staff Training
Research Training
Student Training
Volunteers Training
Visitors & Observers
Privacy Campaign Tool Kit
Frequently Asked Training and Education Questions
policies & procedures
documentation and forms
it security
frequently asked questions
privacy office
related links

Frequently Asked Training and Education Questions

UCSF is committed to ensure that every person in the campus community receives sufficient opportunity to understand HIPAA as the law pertains to his or her activity at UCSF. A variety of educational and training materials were developed for the workforce in general as well as targeted to specific audiences as determined by individual responsibilities at UCSF.

Who needs to take the HIPAA training?

Members of the UCSF workforce, whether salaried or non-salaried, are required to complete HIPAA privacy and information security training. This includes faculty, staff, students, postdocs, volunteers, as well as visitors who may have either direct or indirect access to patients or their health information.

Which training do I need to take?

There are several levels of training depending upon the level of access to patients and patient information. Basic privacy and security training (HIPAA 101) as well as advanced role-based training can be viewed on-line or printed for training as follows:

  • None or minimal access to patients or patient information? Yes. Take HIPAA 101 Privacy and Security module.
      - Medical Center new employees complete this training by attending
        the mandatory new employee orientation.
      - Medical Center volunteers complete this training at the Medical
        Center Volunteer Services orientation.
  • Access to patients or patient information? Yes. Take advanced HIPAA module. There are several versions depending upon an individualís responsibilities including PHI Module, Provider Module and Development Module.
  • Human Subjects Research? Yes. Take Research module.
  • Access to UCSF clinical systems? There may additional training and approval required for access to UCSF clinical systems, such as APeX. Contact system owners for any requirements.
  • Access to UCSF computing systems which transmit, receive, create or store confidential or financial data or patient information? Yes. Take Advanced Security training module.

Who should take the PHI Module?

  • Individuals who access protected health information (PHI) and/or respond to patient requests related to PHI: For example, this includes individuals who deal with patient registration, scheduling, medical records or billing functions.
  • In addition this could include, but is not limited to, individuals with associated responsibilities within Clinics; Pharmacy & Home Services; Hospital Patient Care Units; Information Technology Services; Case and Social Services Management; and, Business Associates.

Who should take the Provider Module?

  • School of Dentistry, School of Nursing, School of Pharmacy, and students, residents and fellows.
  • Non Medical Center Department with clinical activity: academics with health professions degrees or responsibilities.
  • Medical Center Department: health professions with direct patient care responsibilities.
  • New Employees and faculty in the above functions and units.

Who should take the Communications and Public Relations Module?

  • Staff, including volunteers, who are engaged in institutional advancement functions.
  • This includes medical center and non-medical center departments with or without clinical activity or clinical related research.

Who should take the Research Module?

  • Research Investigators and their research support staff who submit new, modified, exempt protocols or work with patients or patient information.
  • Research support staff is any person who has direct contact with the research subject or with the subject's PHI. This includes graduate students, post-doctoral fellows, UCSF Fellows, clinical research coordinators and associates, data entry and data base specialists, statisticians, and some laboratory personnel (audio, video, research).
  • Human subjects research involves more that just clinical trials as any researcher who utilizes PHI associated with biological specimens, biometric specimens, data sets and medical records is involving human subjects.

How do I access the HIPAA training module?

The HIPAA training modules are available through the UC Learning Center, posted to this website and presented during new employee orientation, house officer training or other training workshop. Consult with HR or your department to determine how to complete the training.

Is there a certificate of training to prove I took the training?

At this time there is no certificate of training. However, some departments may require additional information security training for access to their electronic information resources, and as such, they may require or provide a security training certificate.

How often do I need to take HIPAA training?

UCSF workforce members receive HIPAA training upon hire. In addition, workforce members will be expected to complete an updated Privacy training as the Federal Regulations or State Privacy Laws change. As of October 1, 2010, training is available in the Learning Management System (LMS).  If you have any questions, please contact your supervisor/manager.

What is the Privacy and Confidentiality Handbook?

The HIPAA Handbook meets current HIPAA regulatory requirements to inform the UCSF workforce regarding this important patient privacy and security initiative. It supplements the HIPAA training. The UCSF Confidentiality Statement can be found at the back of the handbook.

  news   hipaa handbook   hipaa forms   training faqs