Office of HIPAA Compliance General Information
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996, is a Federal Regulation dealing with health records. The purpose of the Act is to ensure the privacy and security of Protected Health Information (PHI) with regard to patient records and research subject data. As an employer, healthcare practitioner and researcher, CMU is committed to protecting its employees, patients and subjects within our community.
Reporting HIPAA Incidents
All suspected HIPAA Incidents must be reported in a timely manner. You can report a HIPAA Incident or Complaint to:
The above contacts are the preferred method to report a HIPAA Incident; however, you may also report to a Supervisor or Manager in accordance with HIPAA Policy 12-04.
- HIPAA Privacy Office via telephone 989-774-2829, or
- File a HIPAA Compliance report on EthicsPoint, or
- Call Ethics Hotline toll-free at 1-866-294-9379
Contracts/Agreements that involve HIPAA Protected Health Information
If you are working on a contract/agreement that may involve Protected Health Information (PHI), then the contract may require a HIPAA Business Associate Agreement (BAA). Contact the HIPAA Privacy Office to assure that HIPAA regulatory requirements are met.
The Office of HIPAA Compliance Team
Jamie Madrigal - HIPAA Privacy Officer
Kurt Smith - HIPAA Security Officer
Sara Boykin - HIPAA Coordinator