Privacy & Confidentiality
UCSF is committed to protecting the sensitive, personal, and medical information of its patients, research subjects, students and workforce.

The goal of the UCSF Privacy Program is to promote information privacy awareness amongst the UCSF community and to ensure that UCSF’s workforce has the training and resources needed to protect private information, report privacy issues and concerns, and refer questions to the Privacy Office when additional guidance is needed.

Program Scope

The Privacy Office has oversight over federal and state privacy laws and regulations including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Confidentiality of Medical Information Act (CMIA), California Health and Safety Code 1280.15, California Civil Code 1798.29, the Lanterman-Petris-Short (LPS) Act, the Information Practices Act (IPA), and the California Consumer Privacy Act (CCPA), as they relate to the UCSF Enterprise. The Privacy team also has limited oversight over the General Data Protection Regulation (GDPR).

Chief Privacy Officer 

UCSF’s Chief Privacy Officer is Vanessa Ridley, JD, MPH. Vanessa is the designated privacy official for the entire UCSF enterprise and is responsible for overseeing compliance with federal and state privacy regulations and privacy-related University policies, procedures, and best practices.

Covered Entity

UCSF is one of the health care components of the University of California (UC). The covered entity components at UCSF are the UCSF Medical Center, UCSF Benioff Children’s Hospitals, School of Dentistry, School of Medicine, School of Nursing, School of Pharmacy, Langley Porter Psychiatric Hospital and Clinics, UCSF Fresno, Proctor Foundation, and UCSF Student Health Services. 

Organized Health Care Arrangement(s) 

UCSF Health participates in an Organized Healthcare Arrangement (OHCA) with other healthcare providers. Within the OHCA, member organizations may share your health information for treatment, payment or operations related to the OHCA. For a listing of UCSF Health’s current OHCA participants, click here

Examples of Our Activities

  • Develop privacy policies, procedures, and guidelines for UCSF
  • Educate the UCSF workforce on privacy laws, regulations, and policies
  • Respond to privacy-related questions from patients and UCSF workforce members
  • Investigate potential privacy incidents
  • Monitor and evaluate the appropriateness of access to medical records 
  • Facilitate regulatory breach reporting, as appropriate