Privacy and Access to Information
University Records
Access to Records
Members of the public may access records held by the University of California, Irvine by submitting a request to the Public Records Office (PRO).
Under the California Public Records Act (CPRA) “every person has a right to inspect any public record” (Govt. Code § 6253(a)). This right of access is guaranteed by the CPRA under the principle that, as a public institution, the University's business is subject to public scrutiny. However, certain information is protected and exempt from release under the CPRA and personal privacy is largely protected under the California Information Practices Act of 1977 (IPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Family Educational Rights and Privacy Act (FERPA). Additionally, with very limited exceptions, every individual has broad access rights to records containing personal information about themselves under the California Information Practices Act of 1977 (IPA). The PRO can provide additional information about the request process and the types of information that are typically disclosable or exempt.
Requests for records held by the University may be made to the PRO under the CPRA or the IPA.
If you would like to make a records request, or if you are a University employee and have received a records request, please direct your correspondence directly to the PRO via email at pra@uci.edu, by fax at (949) 725-2862, or by phone at (949) 824-9639. Requests may also be mailed to us at:
University of California, Irvine
Attn: Public Records Office
Irvine, CA 92697-1430
Please see the PRO's " How to Make a Request" and " For UCI Employees" pages for more information.
Public Records Act Requests:
Public Records Office
Irvine, CA 92697-1430
Phone: (949) 824-9639
Facsimile: (949) 725-2862
Email: pra@uci.edu
Webpage: http://www.pro.uci.edu/
Federal Laws
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
State Laws
California Public Records Act
California Information Practices Act of 1977
UC Business and Finance Bulletins
RMP-7, Privacy of and Access to Information Responsibilities
RMP-12, Guidelines for Assuring Privacy of Personal Information in Mailing Lists and Telephone Directories
UC Records Management & Retention
UC Records Retention Schedule
UCI Records Management
UC Academic Personnel Manual
Section 160, General University Policy Regarding Academic Appointees: Academic Personnel Records/Maintenance of, Access to, and Opportunity to Request Amendment of
UCI Administrative Policies & Procedures
Section 720-10, Information from Public Records (California Public Records Act) - Guidelines
Section 720-11, Privacy of and Access to Information (Excluding Student Records) - Guidelines
Procedure 80, Staff Personnel Records
Federal Regulation
Federal Family Educational Rights & Privacy Act of 1974
University Policies Applying to Campus Activities, Organizations, and Students
Section 130, UC Policies Applying to the Disclosure of Information from Student Records
Section 130, Campus Policies Applying to the Disclosure of Information from Student Records
UCI Administrative Policies & Procedures
Section 720-12, Student and Student Applicant Records - Guidelines
Medical Records / Health Information
The University must comply with HIPAA (Health Insurance Portability and Accountability Act) requirements. These govern the provision of health benefits, the delivery of and payment for healthcare services, and the security and confidentiality of individually identifiable, protected health information (PHI). Protected information may be in any written, electronic, or oral formats collected by University employees in the course of patient care activities at:
UC Irvine Medical Center
College of Health Sciences
Student Health Center
Counseling Center
Other academic and service units that provide treatment, generate or use PHI, conduct electronic billing using PHI, or otherwise have access to such information in the course or scope of the work of the unit or the individual employee.
The "Privacy Rule" refers to the Department of Health & Human Services regulation, Standards for Privacy of Individually Identifiable Health Information, which is applicable to entities covered by HIPAA. The privacy provisions of HIPAA apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. (State laws with stronger privacy protections take precedence over and above the HIPAA Privacy Rule.)
HIPAA may also affect research that uses, creates, or discloses PHI. Researchers have legitimate needs to use, access, and disclose PHI to carry out a wide range of health research studies. The Privacy Rule creates standards that protect a patient or member's medical records and personal health information while providing ways for researchers to access and use PHI when necessary to conduct research.
Hospital Compliance Officer, HIPAA Privacy Official
(714) 456-3674
Assistant Vice Chancellor, Research Administration
(949) 824-5677
UC Health Insurance Portability and Accountability Act (HIPAA) website
- HIPAA-1: Health Insurance Portability and Accountability Act
- HIPAA-2: Administrative Requirements
- HIPAA-3: Business Associates
- HIPAA-4: Information Security
- HIPAA-5: Breach Response
- HIPAA-6: Patients' Rights
- HIPAA-7: Uses and Disclosures
- HIPAA-8: Uses and Disclosures for Marketing
- HIPAA-9: Uses and Disclosures for Fundraising
- HIPAA-10: Uses and Disclosures for UC Group Health Plans
- HIPPA-11: UC HIPAA Glossary
- HIPAA Privacy Rule Implementation Guidelines
- HIPAA Security Rule Compliance Guidelines