For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Incident Reporting

Drexel University Clinical Covered Entities
Privacy Program Policies and Procedures

Policy Title: Incident Reporting
Policy Number: PPS-09
Effective Date: April 14, 2003; September 23, 2013
Last Revision: September 1, 2017
Responsible Officer: Executive Vice President, Treasurer and Chief Operating Officer

Table of Contents


This policy applies to all Covered Entities within Drexel University.

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

I. Policy

Drexel University (DU) requires, through our HIPAA Compliance Program, meaningful and open communication. To this end, we require that employees report conduct that a reasonable person would, in good faith, believe to be inappropriate or irresponsible in permitting or facilitating the release of protected health information (PHI).

The DU Privacy and Security Committee will serve as the "incident response team" to immediately address all reported or suspected Privacy Program Incidents.

Failure to report inappropriate or irresponsible conduct is a personnel violation (under our HIPAA Compliance Program). It is the policy of DU to encourage disclosure and to discuss areas for improvement. To this end, there shall be no retribution for reporting conduct that a reasonable person acting in good faith would have believed to be inappropriate or irresponsible.

II. Purpose

To provide the process and form used for incident reporting. To facilitate this reporting, DU has created a user-friendly process of reporting potential or actual policy violations.

III. Procedure

  1. Use the attached Privacy Program Incident Form to report a suspected violation or procedure that permits a violation to occur.
  2. Fax it to 267.359.5500 or Mail it to Chief Privacy Officer, Drexel University, 13th Floor Bellet Building, 1505 Race Street, Philadelphia, PA 19102.
  3. You are not required to sign your name to the form.
  4. Alternative: Report to the Confidential Hotline at 1.866.358.1010.
  5. Following the receipt of such report, the DU Privacy and Security Committee shall conduct on investigation in accordance with Privacy Policy PPS-24 and to the extent required provide notification in accordance with such Policy.

 Back to Top