Report an Incident or File Complaint

What is a HIPAA security incident?

A HIPAA security incident is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of protected health information (PHI), or interference with system operations in an information system.

All suspected HIPAA incidents must be reported immediately, even if you are unsure whether a violation has occurred.

Examples may include:

Sending PHI to the wrong recipient
Unauthorized access to PHI
Lost or stolen devices containing PHI
Improper disposal of records containing PHI

What is a HIPAA complaint?

If you believe that a HIPAA-covered entity or its business associate has violated your (or another individual’s) health information privacy rights, you may file a complaint. This includes potential violations of the HIPAA Privacy, Security, or Breach Notification Rules.

How to Report an Incident or File a Complaint

If you suspect a HIPAA incident or wish to file a complaint, please use one of the following methods:

Primary Contact

Office of HIPAA Compliance
Phone: 989-774-2829
Email: HIPAA@cmich.edu

Additional Reporting Options

CMU HIPAA Contacts
You may contact any individual listed on the CMU HIPAA Contacts page.
Office of General Counsel
You may contact General Counsel for assistance with HIPAA-related concerns.
CMU Ethics Hotline (Confidential)
1-866-294-9379
CMU Ethics Hotline Website

Important

Timely reporting is critical to ensure appropriate review and response. Reports may be made in good faith without fear of retaliation.

IN THIS SECTION

Report an Incident or File Complaint

Office of HIPAA Compliance

600 East Preston Street (Foust 005)

Mount Pleasant, MI 48859

Email: HIPAA@cmich.edu

Phone: 989-774-2829