User login


HIPAA Breach Response and Reporting

Effective Date: June 2019


Policy Statement

The Columbia University Healthcare Component (CUHC) is committed to compliance with all applicable federal and state laws and regulations, including the management of a potential compromise of Protected Health Information (PHI). 


Reason(s) for the Policy

This policy establishes the process to investigate and provide required notification in the event of a breach of unsecured PHI.


Primary Guidance to Which This Policy Responds

The HIPAA Breach Notification Rule 45 CFR §§ 164.400-414


Responsible University Office & Officer

Office of HIPAA Compliance, Chief Privacy Officer


Revision History



Who is governed by This Policy

 All CUHC workforce members


 Who Should Know This Policy

 All CUHC workforce members


To see the full text of this policy, please use the link on the right.