The UCLA Health Office of Compliance Services is responsible for ensuring that both health research and patient care activities at UCLA comply with all applicable laws and regulations, including health data privacy and security rules. The UCLA security program maintains a high standard of security for systems that support clinical care, research operations, and clinical trials. To assure that researchers can access the data they need in compliance with applicable laws and regulations, UCLA has adopted a range of policies and procedures to maintain appropriate privacy, confidentiality, integrity, and security of electronic patient, research, and trial data. UCLA systems and controls ensure compliance with patient information privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable Food and Drug Administration requirements for good clinical practices (GCPs) in the conduct of clinical trials, as specified in the “Common Rule” at 45 CFR 46 and the evolving standards required by 21 CFR Part 11. All data systems require a unique log-on and individual passwords. Restricted information, which includes PHI, may only be stored on UCLA-controlled devices and must be stored with encryption unless the device is physically secured at all times. Many additional data security policies and procedures are set forth in 16 distinct policy documents. UCLA periodically evaluates and upgrades its systems and controls to correct identified deficiencies, including those resulting from changes in operations, the evolving demands of increasing sophisticated and complex electronic systems, and changing legal and regulatory requirements.  

The UCLA Health Sciences Compliance Program was developed to ensure UCLA’s legal, regulatory, Regental, UC policy, and other compliance requirements are followed and maintained. The goal of the program is to provide guidance and address compliance concerns across campus. The Compliance Program has an Oversight Committee on Audit, IT Governance, Compliance, and Controls which is a standing committee composed of campus leadership responsible for providing policy direction and oversight regarding campus-wide accountability and compliance matters. The committee is supported by the UCLA Ethics and Compliance Officer with collaboration from various campus partners.  

The Compliance Program was developed in the context of UCLA’s core teaching, research, patient care, and public service missions. The specific purposes of the program are to maintain and enhance quality of care; demonstrate sincere, ongoing efforts to comply with all applicable laws; revise and clarify current policies and procedures in order to enhance compliance; enhance communication with governmental entities with respect to compliance activities; empower responsible parties to prevent, detect, and resolve conduct that does not conform with applicable laws and regulations; and establish mechanisms for employees to raise concerns about compliance issues and ensure that those concerns are appropriately addressed.  

The Compliance Office supports the program through educational programs, updates on changes to the laws and regulations that impact operations, reviews to evaluate compliance, and investigations of allegations of non-compliance.  

For more information, please visit the Office of Compliance Services webpage.

Last updated
November 21, 2023