{"id":2568,"date":"2023-05-22T11:20:02","date_gmt":"2023-05-22T15:20:02","guid":{"rendered":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/?p=2568"},"modified":"2023-06-08T13:43:09","modified_gmt":"2023-06-08T17:43:09","slug":"2568","status":"publish","type":"post","link":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/2023\/05\/22\/2568\/","title":{"rendered":"Report Known or Potential Impermissible Uses\/Disclosures of PHI"},"content":{"rendered":"<div id=\"pl-2568\"  class=\"panel-layout\" ><div id=\"pg-2568-0\"  class=\"panel-grid panel-no-style\" ><div id=\"pgc-2568-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-2568-0-0-0\" class=\"so-panel widget widget_black-studio-tinymce widget_black_studio_tinymce panel-first-child panel-last-child\" data-index=\"0\" ><div class=\"textwidget\"><p>The Office of Healthcare Compliance &amp; Privacy (OHCP) investigates all reported known and potential impermissible uses and disclosures of PHI and determines whether the reported incident constitutes a breach under the HIPAA Breach Notification Rule.<\/p>\n<p>To partner in preventing, detecting, and responding to potential HIPAA Privacy-related incidents, we ask you to please remember:<\/p>\n<ul>\n<li><strong>Promptly<\/strong> report any known or suspected impermissible uses or disclosures of PHI to OHCP at <a href=\"mailto:OHCP@uchc.edu\">ohcp@uchc.edu<\/a>, <a href=\"tel:860-679-6060\">860-679-6060<\/a>, or the University of Connecticut and UConn Health toll-free REPORTLINE at <a href=\"tel:1-888-685-2637\">1-888-685-2637<\/a>. <strong>When in doubt, report it!<\/strong><\/li>\n<li style=\"text-align: left;\">When reporting, preferred terms include: potential privacy incident, privacy concern, or possible\/suspected impermissible use\/disclosure.<br \/>\n<h3 style=\"text-align: center;\">Examples<\/h3>\n<table style=\"border-collapse: collapse; width: 100%; height: 120px;\">\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"width: 50%; height: 24px; text-align: center;\"><strong>Say<\/strong><\/td>\n<td style=\"width: 50%; height: 24px; text-align: center;\"><strong>Don't say<\/strong><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"width: 50%; height: 48px;\">\u201cI\u2019d like to report a suspected impermissible disclosure of PHI.\u201d<\/td>\n<td style=\"width: 50%; height: 48px;\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u201cWe had a HIPAA breach today.\u201d<\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"width: 50%; height: 24px;\">\u201cThere was a potential privacy incident in the office today.\u201d<\/td>\n<td style=\"width: 50%; height: 24px;\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<li>A breach determination is made by OHCP <strong>after<\/strong> gathering relevant information and performing a four-factor risk assessment, as specified under HIPAA. Avoid using the term \u201cbreach\u201d in any communications unless a determination of a breach has been made by OHCP or the Office of the General Counsel.<\/li>\n<\/ul>\n<p>UConn Health must meet certain regulatory requirements when an incident is determined to be a breach, including but not limited to reporting the breach to the affected individual(s) and the US Department of Health and Human Services Office for Civil Rights (OCR). Notifications are made by OHCP or, in some cases, by UConn Health Business Associates at the direction of UConn Health.<\/p>\n<p>Questions? Please feel welcome to contact OHCP at <a href=\"mailto:OHCP@uchc.edu\">ohcp@uchc.edu<\/a>, <a href=\"tel:860-679-6060\">860-679-6060<\/a>.<\/p>\n<\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>The Office of Healthcare Compliance &amp; Privacy (OHCP) investigates all reported known and potential impermissible uses and disclosures of PHI and determines whether the reported incident constitutes a breach under the HIPAA Breach Notification Rule. To partner in preventing, detecting, and responding to potential HIPAA Privacy-related incidents, we ask you to please remember: Promptly report [&hellip;]<\/p>\n","protected":false},"author":758,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"wds_primary_category":0,"footnotes":""},"categories":[1],"tags":[],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 06:18:45","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"_links":{"self":[{"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/posts\/2568"}],"collection":[{"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/users\/758"}],"replies":[{"embeddable":true,"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/comments?post=2568"}],"version-history":[{"count":13,"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/posts\/2568\/revisions"}],"predecessor-version":[{"id":2592,"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/posts\/2568\/revisions\/2592"}],"wp:attachment":[{"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/media?parent=2568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/categories?post=2568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/health.uconn.edu\/healthcare-compliance-privacy\/wp-json\/wp\/v2\/tags?post=2568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}