The Office of Healthcare Compliance & Privacy (OHCP) investigates all reported known and potential impermissible uses and disclosures of PHI and determines whether the reported incident constitutes a breach under the HIPAA Breach Notification Rule.
To partner in preventing, detecting, and responding to potential HIPAA Privacy-related incidents, we ask you to please remember:
- Promptly report any known or suspected impermissible uses or disclosures of PHI to OHCP at ohcp@uchc.edu, 860-679-6060, or the University of Connecticut and UConn Health toll-free REPORTLINE at 1-888-685-2637. When in doubt, report it!
- When reporting, preferred terms include: potential privacy incident, privacy concern, or possible/suspected impermissible use/disclosure.
Examples
Say Don't say “I’d like to report a suspected impermissible disclosure of PHI.” “We had a HIPAA breach today.” “There was a potential privacy incident in the office today.” - A breach determination is made by OHCP after gathering relevant information and performing a four-factor risk assessment, as specified under HIPAA. Avoid using the term “breach” in any communications unless a determination of a breach has been made by OHCP or the Office of the General Counsel.
UConn Health must meet certain regulatory requirements when an incident is determined to be a breach, including but not limited to reporting the breach to the affected individual(s) and the US Department of Health and Human Services Office for Civil Rights (OCR). Notifications are made by OHCP or, in some cases, by UConn Health Business Associates at the direction of UConn Health.
Questions? Please feel welcome to contact OHCP at ohcp@uchc.edu, 860-679-6060.