HIPAA security official

Patrick Phelan, Chief Information Security Officer, is UCSF's designated HIPAA security official. The Chief Information Security Officer is responsible for the security of UCSF HIPAA components' electronic Protected Health Information (ePHI), including development of the policies necessary to comply with the Security Rule and the implementation of security measures to protect ePHI. The Chief Information Security Officer may designate local security officials (“delegates”) as necessary to facilitate the implementation of policies, local procedures and security measures.

HIPAA privacy official

Vanessa Ridley, JD, MPH, is UCSF's Chief Health Compliance Officer, the designated HIPAA privacy official for the entire UCSF enterprise. The Chief Health Compliance Officer is responsible for overseeing compliance with federal and state privacy regulations and privacy-related University policies, procedures and best practices. Please visit the UCSF Privacy Office website: https://hipaa.ucsf.edu/.