HIPAA Helpline

If you discover a breach of protected health information PHI, regardless of who was responsible for the breach, you must report the breach within 24 hours of the event to 1-877- PHI-LOSS (1-877-744-5677) or to the Office of Compliance, Privacy & Internal Audit, at 212-404-4079, during normal business hours. The HIPAA Helpline, 1-877-PHI-LOSS, is available 24 hours a day, 7 days a week. You cannot be fired for reporting a breach of PHI or for reporting a HIPAA concern.

After you make a report, the Office of Compliance, Privacy & Internal Audit will work with you to investigate the breach and handle patient notification as required. You should not contact any patients that may have been affected by the possible breach. If patient notification is required, the Office of Compliance, Privacy & Internal Audit will make the notice in order to ensure full compliance with all regulatory requirements.

Examples of electronic breaches that must be reported include a lost or stolen laptop, PDA, or flash drive that is used to store PHI. Examples of paper breaches that must be reported include faxing PHI to an incorrect number or person, mailing PHI to the wrong address or person, or failing to shred paper medical records or patient billing records prior to disposal. Breaches that happen by word of mouth include releasing PHI over the telephone or in person to an unauthorized individual. These are only a few examples of possible breaches of PHI. If you are unsure whether a breach has occurred, report it!

The badge buddy ( pictured at above ) features the HIPAA Helpline, 1-877-PHI-LOSS. It is an easy and convenient tool. As long as you have your badge, you will also have this important phone number with you at all times. Click here to request badge buddies and/or HIPAA Helpline posters for your department.