HIPAA incident and concern form

The HIPAA Privacy and Security Rules (45 CFR 164.308(6)(i), 45 CFR 164.308(6)(ii), 45 CFR 164.530(d)(l) and 45 CFR 164.530(d)(2)) state a process to receive and document complaints regarding protected health information (PHI) and to identify and respond to concerns regarding suspected or known security incidents must exist and be implemented.

A concern is defined as a situation where more research or information is needed to determine if PHI is at risk. An example could include clarification of a HIPAA policy or procedure.

An incident is defined as a situation where HIPAA security and privacy policies or procedures have not been adhered to causing PHI to be at risk. Examples could include seeing an unauthorized, unescorted person in a secured area, someone sharing usernames and passwords, or sending PHI unencrypted in an e-mail or placing PHI on an unencrypted portable device.

If you have a concern or believe you have witnessed an incident regarding protected health information, please complete the form below or email to our HIPAA privacy officer hcobb@telegenisys.com