Please note that Internet Explorer is incompatible with this site.

We recommend upgrading to the latest Microsoft Edge, Google Chrome, or Firefox.

Professional Integrity Office

Quick Links

1. How do I report a privacy incident or breach that happened in my department?

Please report the breach at the following link: https://usf.complianceprohealth.com/report/privacy

2. How do I request you review a contract to determine if I also need a Business Associate Agreement to go along with the underlying contract?

Please request a review at the following link: https://usf.complianceprohealth.com/report/privacy

3. How do I request additional copies of Privacy Posters for my clinic?

Please call our helpline at (813) 974-2222 and provide the number of posters needed along with your internal mailing code (example, MDC74).

4. I have concerns that our department is violating HIPAA or patient privacy, who do I call to report my concern?

Please call the Privacy Officer, Barbara Wolodzko, at (813) 974-7413
or our help line (813) 974-2222.

5. I think our clinic is not following HIPAA guidelines, is there someone that can walk through our clinic to make sure are in compliance?

Yes, either the Privacy Officer or the Privacy Specialist, Ben Johnson, will be happy to arrange a date/time to walk through your clinical site. He or she can also arrange to do an unannounced visit as well.

6. How do I confidentially report a privacy issue?

Please call our office at (813) 974-2222 and ask to remain confidential.

7. What are the “punishments” or sanctions involved when a person violates HIPAA?

There are civil and criminal sanctions in addition to USF Health sanctions. The current policy states: Sanctions include disciplinary action and other sanctions, as warranted and described in the USF Health Privacy/Security Violation Categories and Sanctions.  Disciplinary action is determined by management in accordance with the disciplinary action policies/standards applicable to the individual workforce member in consultation, as warranted, with the respective Human Resources, Faculty Affairs, Graduate Medical Education Office or Student Affairs office. Disciplinary action is based upon the specific facts of each situation, including consideration of whether improper use, access or disclosure was intentional or unintentional and the severity of the impact on the individual(s) whose PHI was involved. Discipline ranges from counseling/verbal warning/reprimand to termination of employment or business relationship, or dismissal from the respective educational program. Other sanctions described in the Table are determined by management in consultation with the Professional Integrity Office. Although the disciplinary actions for various Workforce segments may differ in terminology and process, USF strives to apply sanctions for HIPAA privacy and security violations consistently across the Workforce. Sanctions applied are documented in accordance with the disciplinary action standards applicable to the respective Workforce member.

This Standard does not apply to a member of the Workforce who meets the conditions of the HIPAA regulations related to whistleblowers and workforce member crime victims (§ 164.502(j)) or for filing complaints to the Secretary of Health and Human Services in accordance with HIPAA (§ 160.306). Please refer to the sanctions policy for specific categories of sanctions.

8. If I report a privacy issue, will I be punished or retaliated against?

No, we have a strict non retaliation policy we follow.

9. I have access to Epic. May I therefore view my own medical record?

No, we have a policy against self-access unless you are a credentialed provider who is permitted under your licensure to self-treat. You may view your record by signing up for a MyChart account or signing a release with Health Information Management to view/receive copies of your medical record.

10. May I access my child’s, husband’s, wife’s, parent’s record through Epic?

No, unless your job function determines you must access such. You may request the patient to provide you with access to his/her MyChart account by having them sign a Proxy Form. You may also have the patient sign an authorization that permits you to view the reports through Health Information Management. Additionally, children who are aged 12-17 have specific rights to privacy under Florida law.