If you discover a breach of protected health information (PHI) regardless of who was responsible for the breach, you must immediately report the breach to the Corporate Compliance Department at 856-507-7857.
The Corporate Compliance Hotline is available 24 hours a day, 7 days a week. You will not be reprimanded for reporting a breach of PHI or for reporting a HIPAA concern. You can also make a report of any privacy concern at firstname.lastname@example.org. Please refer to the Non-Retribution Policy.
After you make a report, a representative of the Corporate Compliance Department will work with you to investigate the breach and handle patient notification as required. You should not contact any patients that may have been affected by the possible breach. If patient notification is required, the appropriate Privacy Officer will make the notice in order to ensure full compliance with all regulatory requirements.
Examples of electronic breaches that must be reported include a lost or stolen laptop, PDA or flash drive that is used to store PHI. Examples of paper breaches that must be reported include faxing PHI to an incorrect number or person, mailing PHI to the wrong address or person, or failing to shred paper medical records or patient billing records prior to disposal. Breaches that happen by word of mouth include releasing PHI over the telephone or in person to an unauthorized individual. These are only a few examples of possible breaches of PHI. If you are unsure whether a breach has occurred, please report it!
You must report these common HIPAA/HITECH Act issues:
Did you or someone you know:
- Find unsecured patient information?
- Lose or misplace patient information?
- Accidentally release patient information to someone who should not have received it?
- Accidentally receive patient information that was not meant for you?
- Have a laptop, tablet, PDA or USB drive stolen?
- Send a fax containing patient information to the wrong number or receive a fax not meant for you?
If the answer to any of these questions is YES or MAYBE, then call within 24 hours of the event so that we can provide proper direction to address the issue.