Compliance & Privacy Office
UCI Health takes seriously its commitment to complying with all laws and regulations governing the provision of healthcare.
The federal government, with its increased oversight of Medicare and Medicaid providers, has made it clear that all UCI Health employees are expected to take responsibility for appropriate ethical and legal behavior in the workplace. The penalties for noncompliance are considerable.
The purpose of the UCI Health compliance program is to:
- Maintain and enhance our quality of care and services.
- Demonstrate sincere, ongoing efforts to comply with all applicable laws.
- Revise and clarify current policies and procedures in order to enhance compliance.
- Enhance communications with governmental entities regarding compliance activities.
- Empower all responsible parties to prevent, detect, respond to, report and resolve conduct that does not conform to applicable laws, regulations and the UCI Health Code of Conduct.
- Establish mechanisms for employees to raise questions and concerns about compliance issues and ensure those concerns are appropriately addressed.
Privacy and security
Privacy
As a healthcare provider, UCI Health is required to protect the privacy of our patients and their personal health information under the federal Health Insurance Portability and Accountability Act (HIPAA).
The law, which requires that patients be able to transfer and continue their healthcare insurance coverage, mandates the protection and confidential handling of all personal health information.
Security
The UCI Health HIPAA Security Compliance Program is designed to implement 18 standards to protect the security of patient information.
Some of these security standards are required, such as having a unique user ID for each person who accesses patient information. Other standards are “addressable,” and we must either implement the rule or document an alternative method of achieving data protection.
The security compliance program ensures that the highest risks to electronic information security are assessed and addressed. Additional compliance activities include maintaining audit logs of who accesses systems, scanning systems for external intrusions, providing education and training on security issues, and periodically reminding staff of ways to protect information.
Website compliance
If you are a co-worker affiliated with UC Irvine, UC Irvine School of Medicine or UCI Health, please review our website creation and monitoring policy.
Research
The Compliance & Privacy Office administers the Research Compliance Program under the direction of the chief compliance officer, deputy compliance officer and the research compliance officer.
The program furthers the commitment of UCI Health and the College of Health Sciences to advance the knowledge and practice of medicine through scholarly research, physician education and the provision of high-quality medical care to patients through a framework that fosters a culture of research integrity and compliance with federal, state, sponsor, university and The Joint Commission standards.
Laboratory
Our regulatory compliance program ensures that UCI Health - Orange's clinical laboratories, its officers, managers, employees and independent contractors who engage in the sale, performance and billing of laboratory services maintain the business integrity and honesty required of a participant/supplier in federally funded healthcare programs.
Through this compliance program, UCI Health Pathology Services is committed to improving the quality, efficiency and consistency of laboratory services. We also promote compliance with the complex legal requirements, such as ensuring that:
- Only laboratory services that have been provided are billed
- Services are accurately reported
- The medical necessity for services billed is documented
Billing
Hospital Billing Compliance
The UCI Health hospital billing compliance program seeks to:
- Enhance education and training programs about the rules and regulations governing hospital billing
- Monitor and audit billing activities to identify potentially troublesome issues, take corrective and preventative actions, and foster effective communication on common compliance issues
- Assess the effectiveness of existing policies and procedures and identify potential risk areas
Professional Billing Compliance
Our professional billing compliance program's goals are to:
- Enhance education and training programs for physicians, non-physician providers (NPPs), residents, medical students and coding staff
- Conduct monitoring and auditing activities according to federal and state guidelines for potential high-risk areas identified by the U.S. Office of the Inspector General and other programs
- Ensure that only services actually provided are billed, and that they are billed to the appropriate third-party payer, accurately documented and medically necessary
Research Billing Compliance
The clinical research billing compliance program goals are to:
- Provide an internal mechanism for quality assurance, quality improvement and education, pursuant to regulations governing research financial compliance, research revenue integrity and research coordinators
- Conduct monitoring and auditing activities, in accordance with all institutional policies and federal and state laws and regulations, of potential high-risk protocols, defined as those with a high volume of clinical services or a mixture of services billed to the study and services billed to third-party payers
- Ensure that clinical research claims are submitted only for services actually provided, and that they are billed to the right payer, accurately documented and medically necessary
Vendors
In addition to compliance with the requirements of law, UCI Health officers and employees must avoid the appearance of favoritism in all of their dealings on behalf of the University of California, Irvine.
All UCI Health officers and employees are expected to act with integrity and good judgment, and to recognize that the acceptance of personal gifts from those doing business or seeking to do business with the university — even when lawful — may give rise to legitimate concerns about favoritism, depending on the circumstances.
Additionally, while offers of free or discounted goods, gifts, benefits, donations, honoraria, travel expenses or grants for teaching or research programs frequently serve an important and socially beneficial function, they may, in some circumstances, violate the federal Anti-Kickback Statute and similar California laws.
As the use of artificial intelligence (AI) tools continues to expand across healthcare, the Office of the Chief Information Security Officer (CISO) and the Compliance & Privacy Office want to reinforce clear expectations for how AI tools may and may not be used at UCI Health.
At this time, only the AI tools listed below are approved for use with Protected Health Information (PHI) or any other restricted UCI Health data. Entering patient data or restricted information into unapproved or personal AI tools, even for drafting, summarization or rephrasing, may result in an unauthorized disclosure and must be avoided.
What this means for UCI Health co-workers and care providers
- PHI and restricted data must not be entered into any external or consumer AI tools.
- Claims that an AI tool is “HIPAA compliant” do not mean it is approved for use at UCI Health.
- Copying information from Epic or other clinical systems into AI tools is not permitted.
- Use of unapproved AI tools with PHI may be treated as a privacy incident and subject to review.
Permitted AI use (non-PHI only)
UCI Health provides access to certain AI-enabled tools that may be used only for non-PHI, non-restricted work, such as administrative tasks, general writing, or de-identified content:
- ZotGPT for non-PHI use (chat.zotgpt.uci.edu)
- Teams AI and Zoom AI, when signed in with your hs.uci.edu account and using the correct licensed features
These tools are not approved for entering PHI or restricted information unless explicitly stated as part of an approved clinical workflow.
Permitted AI use for PHI
The following tools are permitted for use with PHI when signed in with your hs.uci.edu account and using the correct licensed features:
- Abridge, within approved clinical documentation workflows
- Epic-embedded AI features, where enabled, including DynaMedex and Dyna AI (more.ebsco.com/Dyna-AI.html) for clinical decision support. AI-generated documentation must be reviewed, edited, and validated in the same manner as copied or templated material. Providers remain fully responsible for verifying the accuracy, relevance and clinical appropriateness of all AI-assisted content prior to signing the note.
Prohibited uses
The following tools are not approved for any clinical uses and should not be used with any UCI Health data:
- UCI Health does not currently have any approved Doximity tools. Doximity Dialer for phone or video visits should not be used for any communications. Appropriate replacements are Epic VoIP, Epic Secure Chat and Epic native video or audio visits.
- Do not use, enter or share PHI or other clinical queries with any Large Language Models (LLMs) or AI programs, including DoxGPT, ChatGPT or OpenEvidence. Use of such tools is an Information Security & Privacy violation. We currently do not have any HIPAA-compliant LLM tools available at UCI Health but are actively working towards enabling such tools in the future.
What’s coming next?
To reinforce awareness and accountability, UCI Health will soon introduce a warning and acknowledgment page when accessing certain external AI tools from UCI-managed systems. When UCI Health co-workers or care providers navigate to a site categorized as an AI tool, they will be briefly redirected to a reminder page that:
- Outlines expectations for the safe use of AI at UCI Health
- Reminds users that PHI and restricted data must not be entered into AI tools
- Directs users to approved alternatives, including ZotGPT, for non-PHI generative AI use
- Logs user acknowledgment for audit purposes, including username, the destination URL and the site category
After reviewing the reminder, users may click Continue to proceed to the site or return to the previous page. This page is intended to educate and promote safe use — not to block legitimate non-PHI activities.
What UCI Health co-workers and care providers need to do now
- Do not enter PHI or restricted data into AI tools
- Use approved alternatives only for non-PHI purposes
- Report suspected or accidental disclosures through established incident reporting channels
Related policies
Protecting patient information is a shared responsibility.