: Complain directly to the organization's HIPAA Compliance Officer .
: File a formal complaint with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) . Phi zip
Under the , a ZIP code is considered Protected Health Information (PHI) because it is a geographic subdivision smaller than a state that can be used to identify an individual . Reporting PHI Violations : Complain directly to the organization's HIPAA Compliance
: Contact your state Attorney General’s office to report the violation. When a ZIP Code is NOT PHI (Safe Harbor Rule) Reporting PHI Violations : Contact your state Attorney
To "de-identify" a report and remove the PHI status from a ZIP code, the method requires specific modifications: HIPAA PHI: List of 18 Identifiers and Definition of PHI
If you need to report a breach or violation involving PHI (such as the unauthorized disclosure of patient ZIP codes), you can take the following steps: