: HOME  |  Privacy Policies  |  Frequently Asked Questions  |  Training

Privacy Forms - HCCs |  Privacy Information - Patients/Pacientes  

   Additional Information  |  Contact Information

YOU ARE HERE : HOME / HIPAA Frequently Asked Questions / DISCLOSURES FAQ 14

14. What do I do if I get a call from someone who says they were given a copy of another patient’s PHI or that they received a patient’s PHI by mail or fax?

Take these four steps:

First, please thank the caller for contacting us to let us know about the issue.  (Take good notes of your conversation so you have details to enter into the HIPAA online system, once you hang up.)

Second, arrange with the caller to get the documents back.  Do NOT ask the caller to throw them away.  If the caller is a patient who plans to be back in the clinic in the next day or two, ask if he will return the document then.  Otherwise, please tell the caller that you will send a self-addressed stamped envelope right away so the documents can be returned to the clinic.  (You’ll need to know how many pages, so you have an idea of how much postage to put on the envelope.)

 If the PHI was received by email, please ask the caller to delete the message and then empty the deleted items folder. 

Third, let the caller know that we will send a statement for him to sign that says he understands that the information is confidential.  Make a note in the file that you’ve advised the caller of the confidential nature.  (A sample confidentiality statement is below.)

Finally, notify your supervisor of the call, so any necessary changes in process can be made to prevent similar errors from occurring.  You or your supervisor will enter the incident in the HIPAA online system as soon as you end the call so we can track our actions, including your conversation and the return receipt of the documents. The University Privacy Official will review the file and determine any additional steps, such as mitigation, as details are entered.


Sample Statement of Confidentiality:  Make the correct selections, based on your facts.

The xxx Clinic/Office thanks you for returning/deleting the documents that you received in error.  Please sign the statement below and return it in the self-addressed stamped envelope with the documents that you received (do not include, if PHI was emailed).  Thank you.

 I received a copy of health information that belongs to someone else.  I understand that this information is confidential, and I will keep it confidential.  I am returning/have deleted all copies.

Signed: _________________________                             Dated:  _______________________________

Return to FAQ List

TOP ^  

The University of Oklahoma Health Sciences Center

Office of Compliance
P. O. Box 26901
Oklahoma City, OK 73129
Phone: (405) 271-2511, (866) 836-3150
Fax: (405) 271-1076

Copyright © 2014 The Board of Regents of the University of Oklahoma, All Rights Reserved.
Disclaimer | Copyright