Office of HIPAA Compliance General Information

​​What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996, is a Federal Regulation dealing with health records. The purpose of the Act is to ensure the privacy and security of Protected Health Information (PHI) with regard to patient records and research subject data. As an employer, healthcare practitioner and researcher, CMU is committed to protecting its employees, patients and subjects within our community.

Reporting HIPAA Incidents

All suspected HIPAA Incidents must be reported in a timely manner. You can report a HIPAA Incident or Complaint to:

  • HIPAA Privacy Office via telephone 989-774-2829, or
  • File a HIPAA Compliance report on EthicsPoint, or
  • Call Ethics Hotline toll-free at 1-866-294-9379
The above contacts are the preferred method to report a HIPAA Incident; however, you may also report to a Supervisor or Manager in accordance with HIPAA Policy 12-04.

Contracts/Agreements that involve HIPAA Protected Health Information 

If you are working on a contract/agreement that may involve Protected Health Information (PHI), then the contract may require a HIPAA Business Associate Agreement (BAA). Contact the Office of HIPAA Compliance to assure that HIPAA regulatory requirements are met.

The Office of HIPAA Compliance Team

Jamie Madrigal - HIPAA Privacy Officer

Kurt Smith - HIPAA Security Officer

Sara Boykin - HIPAA Coordinator