HIPAA incident and concern form
The HIPAA Privacy and Security Rules (45 CFR 164.308(6)(i), 45 CFR 164.308(6)(ii), 45 CFR 164.530(d)(l) and 45 CFR 164.530(d)(2)) state a process to receive and document complaints regarding protected health information (PHI) and to identify and respond to concerns regarding suspected or known security incidents must exist and be implemented.
A concern is defined as a situation where more research or information is needed to determine if PHI is at risk. An example could include clarification of a HIPAA policy or procedure.
An incident is defined as a situation where HIPAA security and privacy policies or procedures have not been adhered to causing PHI to be at risk. Examples could include seeing an unauthorized, unescorted person in a secured area, someone sharing usernames and passwords, or sending PHI unencrypted in an e-mail or placing PHI on an unencrypted portable device.
If you have a concern or believe you have witnessed an incident regarding protected health information, please complete the form below or email to our HIPAA privacy officer firstname.lastname@example.org