Privacy FAQ

How do I Report a Privacy Incident?

What is Care Everywhere and Health Information Exchange (HIE)?

I No Longer Want to Participate in the Health Information Exchange (HIE). What Do I Do?

My Medical Records are Incorrect. What Do I Do?

How Do I Obtain a Copy of My Medical Records?

How do I Submit a Compliance Question or Compliant?

What is HIPAA?

What is the purpose of HIPAA?

Is the University required to comply with HIPAA?

What is a Business Associate (BA)?

What is a Business Associate Agreement (BAA)?

What is an OHCA?

When is a BAA needed?

How do you determine if a BAA is needed?

Why do I need to submit a BAA request?

What is PHI?

What are the 18 direct/indirect identifiers related to PHI?

How long will it take to process a BAA request?

How long do vendors take to return the signed BAA?

What does a “Fully Executed” BAA mean?

Is there anything that needs to be done differently if I am working with a BA as opposed to a member of the University’s workforce?

Is a covered entity liable for, or required to monitor, the actions of its business associates?

Submit Compliance Incident

Weill Cornell Medicine Compliance & Privacy Office 575 Lexington Avenue, 9th Fl New York, NY 10022 Phone: (866)-293-3077