HIPAA Patient Privacy
Matters relating to the Health Insurance Portability and Accountability Act (HIPAA) privacy and security are collaboratively managed by the Office of Internal Audit, Compliance and Enterprise Risk Management and the information technology security group. To protect our patients’ privacy and confidentiality, NYU Langone Health strives to ensure the privacy and security of protected health information (PHI).
The departments implement policies and procedures to manage the acquisition, use, and disclosure of PHI; investigate privacy and security complaints and breaches; and provide regulatory guidance to members of the NYU Langone Health community to ensure that NYU Langone Health complies with federal, state, and local laws and regulations, as well as its own policies.
HIPAA Helpline
To report a HIPAA concern, please call the HIPAA Helpline at 877-PHI-LOSS or 877-744-5677. The helpline is available 24 hours a day, 7 days a week, in multiple languages. You can also complete an online submission. HIPAA concerns can also be reported to the Office of Internal Audit, Compliance, and Enterprise Risk Management at 212-404-4079.
Policies and Forms
Notice of Privacy Practices
Policy - Accounting of Disclosures of PHI
Policy - Breach Notification
Policy - Business Associates
Policy - Complaints, No Retaliation, No Waiver of Rights
Policy - Designated Record Set
Policy - Disclosures of PHI to Family or Friends
Policy - Disclosures of PHI by Telephone, Email, or Fax.pdf
Policy - General Uses and Disclosures of PHI
Policy - HIPAA Privacy Policies, Procedures, and Documentation
Policy - HIPAA Privacy Policy and Procedure Definitions
Policy - Minimum Necessary Standard for Uses and Disclosures of PHI
Policy - Mitigation of HIPAA-Related Incidents
Policy - Restricting Disclosures to a Health Plan
Policy - Right to Inspect and Obtain PHI
Policy - Right to Request Additional Restrictions on Use and Disclosure of PHI
Policy - Right to Request an Accounting of Disclosures of PHI
Policy - Right to Request an Amendment
Policy - Right to Request Confidential or Alternative Communications
Policy - Safeguarding PHI
Policy - Sanctions for HIPAA Violations
Policy - Sensitive PHI
Policy - Use and Disclosure of PHI in the Patient Directory
Form - Authorization for the Use and Disclosure of PHI and Instructions (medical records request form)
Form - Patient Request for an Accounting of Disclosures Form
Form - Patient Request to Inspect PHI Form
Form - Patient Request to Restrict Disclosures of PHI to an Insurer Form
Form - Patient Request to Restrict Uses and Disclosures of PHI Form
Form - Request to Amend PHI Form
Form - Patient Request for Confidential Communications of PHI Form