UW-Madison is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information.
Use this form to report any incident that involves a possibility of unauthorized use, disclosure of, or access to Protected Health Information. The UW‑Madison HIPAA Privacy Officer and Security Officer will review and investigate reports.
UW-Madison staff and students should complete the Joint Security and Privacy Checklist to evaluate any proposed use or disclosure of Protected Health Information (PHI). Use cases include IRB research, educational activities, and projects which involve the sharing of PHI with another entity or receipt of PHI from another entity — for a reason other than treatment.