The UNCHCS Privacy Office Provides HIPAA Privacy Compliance Support for all UNC SOM Workforce Members Performing Clinical Activities

The UNCHCS Privacy Office provides privacy compliance support for all clinical activities performed by UNC SOM workforce members including the following:

  1. Providing required annual online HIPAA training for UNC SOM workforce members involved with clinical activities;
  2. Auditing and monitoring of current operations and processes created by or performed by UNC SOM workforce members to evaluate whether appropriate privacy and security controls are in place (i.e., access audits of the electronic health record to determine whether access to PHI of any patient was for legitimate business purposes);
  3. Conducting investigations of suspected privacy breaches involving PHI used for clinical purposes (as opposed to PHI used for education or research purposes); and
  4. Providing outreach and consultations for the UNC SOM workforce on actions and strategies that UNC SOM workforce members can take to ensure compliance with UNCHCS HIPAA policies (i.e., consultations to ensure that PHI in the possession of UNC SOM workforce members is stored and transmitted securely, or that access to PHI is appropriately provisioned to only personnel in the SOM department, etc.).

UNCHCS HIPAA Policies Apply to all UNC SOM Workforce Members Involved in Clinical Care

The application of the UNC Health Care System HIPAA Policies to the University of North Carolina at Chapel Hill School of Medicine clinical components extends by agreement with the UNC SOM to all employed personnel of the UNC SOM involved in clinical care including but not limited to full and part-time and paid and unpaid faculty, staff, students, trainees, interns and volunteers (UNC SOM Workforce).

All UNC SOM Workforce members must comply with the UNCHCS HIPAA policies at all times when performing or supporting any clinical activities for or on behalf of UNCHCS.

When is a UNC SOM Workforce Member Considered to be Performing or Supporting Clinical Activities on Behalf of UNCHCS?

The application of UNCHCS HIPAA policies applies very broadly to any activity being performed by a member of the UNC SOM workforce that involves patient medical information that is related to clinical treatment.

Whenever an UNC SOM workforce member accesses, views, uses, sends, or disposes of patient data, the employee is considered to be performing clinical activities.

Annual HIPAA Training Required for all UNC SOM Workforce Members Involved in Clinical

All UNC SOM workforce members who provide or support clinical services in anyway must complete the UNCHCS online HIPAA training annually as well as sign the UNCHCS Confidentiality Statement.

Contacting the UNCHCS Privacy Office

UNC SOM workforce members are encouraged to contact the UNCHCS Privacy Office for any HIPAA privacy compliance questions relating to clinical activities at:

UNC Health Care System Privacy Office
211 Friday Center Drive, Suite G063
Chapel Hill NC, 27514


For questions about HIPAA and research or HIPAA and medical education teaching activities at UNC SOM/UNC Medical Center, please contact the University of North Carolina Privacy Office at 919.962.6332 or by email at