This policy establishes authority to solicit funds through gifts, private grants and events.
A transfer, by means of a will, of personal property (cash, securities, or other tangible property).
Confidentiality of Medical Information Act (California Civil Code Section 56.10 et. seq.)
Name, date of birth, gender, ethnicity, insurance status, address and other contact information; exclusive of information about illness or treatment.
Obtaining the patient’s written authorization to use or disclose Protected Health Information (PHI), such as diagnosis, provider name, or department, for fundraising purposes.
Organized efforts to solicit gifts for any University purpose from private sources which include but are not limited to individuals, firms, corporations, groups, and/or foundations. Announcements and solicitations of memorial gifts and annual fund drives are not considered fundraising campaigns.
An event at which participation includes a gift component (charitable contribution), and may include a non-gift component (goods and/or services provided or available to the attendees, sponsors, or donors). Such university events are conducted by or on behalf of UCSF or the UCSF Foundation.
Includes outright gifts, pledges, and bequests, but excludes grants from private sources as defined in the guidelines for review of gifts/grants for research dated July 8, 1980 (http://www.ucop.edu/ucophome/coordrev/policy/7-08-80.html)
A signed and dated legal commitment to make a gift over a specific period; the total value of such a commitment.
An award to UCSF in response to a proposal submitted to a private foundation, association, corporation or corporate foundation, or private trust that specifies reports on expenditures, guidelines for audits, consideration for the grantor, testing or evaluating, and/or satisfying specific conditions or requirements for a specified period of performance. Private grants are subject to The Regents' overhead charges of varying levels, depending on contractual arrangements.
As defined by the Health Insurance Portability and Accountability Act (“HIPAA”), an individual’s health information or data collected from an individual that is created or received by a health care provider, plan or clearinghouse related to the past, present or future physical or mental health or condition of an individual, the provision of health care to the individual; identifies or could reasonably identify the individual; and is transmitted or maintained in electronic or any other form or medium.
A. This policy pertains to solicitations in which funding is sought for campus programs through gifts to The Regents or to the UCSF Foundation.
B. Authority to Solicit and Accept Gifts
1. Deans' Offices
Approval by the dean of the school in which funding is sought is required for all gift solicitations and projects of any kind valued in excess of $50,000, whether from individuals, private foundations, professional associations, societies, and other non-governmental agencies, and whether the gifts will be accepted by The Regents or the UCSF Foundation. This approval does not apply to governmental contract or grant proposals, or to private health agencies (e.g., the American Cancer Society).
Campaigns with goals of up to and including $5,000,000 are within the authority of the chancellor to approve, pursuant to Delegation of Authority 2018.
3.Regental approval is required for solicitation or acceptance of any gift that involves:
a. exceptions to approved University programs or policies;
b. obligations on the part of the University to expenditures or costs for which there is no established fund source;
c. construction of facilities not previously approved.
4.Regental or Presidential authorization is required for solicitation or acceptance of any gift that involves an interest in real property. [Bylaw 21.3(f)(2)(aa)].
C. All fundraising activities for UCSF:
1. shall be coordinated through the Development and Alumni Relations office;
2. shall conform with established University programs and policies, including The Regents' Policy on Fundraising Campaigns;
3. shall be financed from funds that are available for such purposes, including campaign proceeds;
4. shall conform with UCSF Foundation gift processing procedures; See http://acctg.ucsf.edu/foundation_accounting/gift_processing/index.htm
5. shall not obligate the University to expend funds in excess of budgeted items.
D. Fundraising Campaigns
See Policy 450-13
E. Fundraising Events
See Policy 450-16
F. A capital improvement project shall be subject to completion of the environmental review process in accordance with the California Environmental Quality Act and
subsequent approval of the site and design of the project.
G. Compliance with HIPAA and CMIA
UCSF's Solicitation practices must comply with HIPAA, CMIA and the related UCOP policies.
1. Workforce Training
a. UCSF faculty and staff involved in fundraising must review the following documents:
b. Other advanced HIPAA training may be required as appropriate to each individual's responsibilities at UCSF. Other HIPAA training include, but are not limited to, the Advanced HIPAA for Fundraising module in the UC Learning Center.
c. Documentation of completion of the training and signed statement and signed UCSF Confidentiality Statement shall be maintained with the personnel file for the individual.
2. Use and Disclosures of Patient Information for Fundraising that Do Not Require Authorization
a. UCSF may use and disclose to the UCSF Development and Alumni Relations Office a patient's demographic information, health care dates of service, health insurance status, department of service (e.g. cardiology, oncology), name of treating physician, and outcome information (e.g. death, sub-optimum outcome) for the purpose of raising funds for UCSF without prior written authorization from the patient or the patient's legally authorized representative.
b. All other uses and disclosures of patient information for fundraising require written authorization from the patient or the patient's legally authorized representative.
3. Securing a Fundraising Authorization (Opt-in)
a. For all UCSF patients, only a health care provider may initiate a request for authorization for fundraising using Protected Health Information (PHI).
b. Authorizations shall be obtained
I. in person by a health care provider; or
ii. referred to fundraising staff to obtain the patient's written authorization.
c. Following a health care provider's referral, fundraising staff shall obtain written authorization for fundraising using PHI.
d. Fundraising staff shall secure written authorizations if PHI is discussed by a patient prospect in the course of conversation.
4. Office of Record for Fundraising Authorizations (Opt-ins)
a. Written fundraising authorizations shall be maintained by University Development and Alumni Relations (UDAR). Fundraising authorizations received by other campus departments shall be forwarded immediately to UDAR for processing.
b. Campus departments shall not maintain stand-alone databases of fundraising authorizations.
5. Providing an Opt-Out Mechanism
a. All fundraising communications sent to UCSF patients shall include information describing how the patient may opt out of future solicitations.
b. Fundraising opt-out requests may be made in writing, by phone or email.
c. The following language shall be included in all printed fundraising materials.
“If you do not wish to receive further fundraising communications from UCSF, please contact: Records Manager, UCSF, Box 0248, San Francisco, CA 94143-0248 or email HIPAAOptOut@support.ucsf.edu or call 1-888-804-4722.”
6. Office of Record for Opt-Outs
a. UDAR is the office of record for fundraising opt-outs. Fundraising opt-outs received by other campus departments shall be forwarded immediately to UDAR for processing.
b. Campus departments shall not maintain stand-alone databases of fundraising opt-outs.
7. List and Prospect Clearance
All fundraising mailing lists shall be vetted by UDAR to remove opt-outs on record.
8. Requests for Patient Lists for Mailing
a. All requests for patient mailing lists for fundraising purposes shall be directed to UDAR for review for compliance with HIPAA and opt-out requests.
b. Confidentiality and security standards shall be adhered to throughout this process. These standards include, but are not limited to:
I. PHI shall be limited to the minimum necessary for the purpose it was collected.
ii. PHI shall be encrypted before being sent to UDAR for vetting and approval.