HIPAA Designated Officials

Patrick Phelan's picture

Policy Type


HIPAA Security Official

Patrick Phelan, Chief Information Security Officer, is UCSF's designated HIPAA security official. The Chief Information Security Officer is responsible for the security of UCSF HIPAA components' electronic Protected Health Information (PHI), including development of the policies necessary to comply with the Security Rule and the implementation of security measures to protect ePHI. The Chief Information Security Officer may designate local security officials (“delegates”) as necessary to facilitate the implementation of policies, local procedures, and security measures.


HIPAA Privacy Official

UCSF’s interim Chief Privacy Officer is Tom Poon, CHPC. Tom is the designated privacy official for the entire UCSF enterprise and is responsible for overseeing compliance with federal and state privacy regulations and privacy-related University policies, procedures, and best practices.

Please visit the UCSF Privacy Office website: