HIPAA Privacy Office General Information

​​What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996, is a Federal Regulation dealing with health records. The purpose of the Act is to ensure the privacy and security of Protected Health Information (PHI) with regard to patient records and research subject data. As an employer, healthcare practitioner and researcher, CMU is committed to protecting its employees, patients and subjects within our community.

Reporting HIPAA Incidents

All suspected HIPAA Incidents must be reported in a timely manner. You can report a HIPAA Incident or Complaint to:

  • HIPAA Privacy Office, or
  • A HIPAA Representative, or
  • CMU Ethics Hotline, or
    • Call (confidential) at 1-866-294-9379
The above contacts are the preferred method to report a HIPAA Incident; however, you may also report to a Supervisor or Manager in accordance with HIPAA Policy 12-4. Refer also to the CMU HIPAA Contacts tab on this webpage.

Contracts/Agreements that involve HIPAA Protected Health Information 

If you are working on a contract/agreement that may involve Protected Health Information (PHI), then the contract may require a HIPAA Business Associate Agreement (BAA). Contact the HIPAA Privacy Office to assure that HIPAA regulatory requirements are met.

The HIPAA Privacy Office Team

Karen Haskin, MSA, RHIT, CHCO, OHCC - HIPAA Privacy Officer

Jamie Madrigal, MSA - HIPAA Coordinator