home
education & training
Staff Training
Faculty Training
House Staff Training
Research Training
Student Training
Volunteers Training
Visitors & Observers
Frequently Asked Training and Education Questions
policies & procedures
documentation and forms
research
it security
frequently asked questions
privacy office
related links

Frequently Asked Training and Education Questions

UCSF is committed to ensure that every person in the campus community receives sufficient opportunity to understand HIPAA as the law pertains to his or her activity at UCSF. A variety of educational and training materials were developed for the workforce in general as well as targeted to specific audiences as determined by individual responsibilities at UCSF.

Who needs to take the HIPAA training?

All members of the UCSF workforce, whether salaried or non-salaried, are required to complete HIPAA privacy and information security training. This includes faculty, staff, students, volunteers, as well as visitors who may have either direct or indirect access to patients or their health information.

Which training do I need to take?

There are several levels of training depending upon the level of access to patients and patient information. Basic privacy and security training (HIPAA 101) as well as advanced role-based training can be viewed on-line or printed for training as follows:

  • None or minimal access to patients or patient information? Yes. Take HIPAA 101 Privacy and Security module.
      - Medical Center new employees complete this training by attending
        the mandatory new employee orientation.
      - Medical Center volunteers complete this training at the Medical
        Center Volunteer Services orientation.
  • Access to patients or patient information? Yes. Take advanced HIPAA module. There are several versions depending upon an individual’s responsibilities including PHI Module, Provider Module and Development Module.
  • Human Subjects Research? Yes. Take Research module.
  • Access to UCSF clinical systems? There may be additional training and approval required for access to STOR, IDX, UCARE, etc. Contact system owners for any requirements.
  • Access to UCSF computing systems which transmit, receive, create or store confidential or financial data or patient information? Yes. Take Advanced Security training module.


Who should take the PHI Module?

  • Individuals who access protected health information (PHI) and/or respond to patient requests related to PHI: For example, this includes individuals who deal with patient registration, scheduling, medical records or billing functions.
  • In addition this could include, but is not limited to, individuals with associated responsibilities within Clinics; Pharmacy & Home Services; Hospital Patient Care Units; Information Technology Services; Case and Social Services Management; and, Business Associates.


Who should take the Provider Module?

  • School of Dentistry, School of Nursing, School of Pharmacy, and students, residents and fellows.
  • Non Medical Center Department with clinical activity: All academics with health professions degrees or responsibilities.
  • Medical Center Department: All health professions with direct patient care responsibilities.
  • New Employees and faculty in all of the above functions and units.


Who should take the Institutional Advancement, Communications, and Media Module?

  • All staff, including volunteers, who are engaged in institutional advancement functions.
  • This includes medical center and non-medical center departments with or without clinical activity or clinical related research.


Who should take the Research Module?

  • All Research Investigators and their research support staff who submit new, modified, exempt protocols or work with patients or patient information.
  • Research support staff is any person who has direct contact with the research subject or with the subject's PHI. This includes graduate students, post-doctoral fellows, UCSF Fellows, clinical research coordinators and associates, data entry and data base specialists, statisticians, and some laboratory personnel (audio, video, research).
  • Human subjects research involves more that just clinical trials as any researcher who utilizes PHI associated with biological specimens, biometric specimens, data sets and medical records is involving human subjects.


How do I access the HIPAA training module?

The HIPAA training modules are posted on-line and can either be reviewed on-line, downloaded for review, printed out for review or be reviewed by attending a new employee orientation, house officer training or other training workshop. It is not required that they be taken on-line.


Is there a certificate of training to prove I took the training?

At this time there is no certificate of training. However, some departments may require additional information security training for access to their electronic information resources, and as such, they may require or provide a security training certificate.


How often do I need to take HIPAA training?

At this time HIPAA training is only required to be taken one time. There is no annual recertification requirement.


What is the HIPAA Handbook?

The HIPAA Handbook meets current HIPAA regulatory requirements to inform the UCSF workforce regarding this important patient privacy and security initiative. It supplements the HIPAA training. The UCSF Confidentiality Statement can be found at the back of the handbook.
Search  
 
         
  news   hipaa handbook   hipaa forms   training faqs  
If you are experiencing any difficulty with this site, please contact us. Copyright © 2008 The Regents of the University of California. All rights reserved.