Privacy Incident/Breach

IEHP has established a HIPAA Privacy Program to ensure that Member’s health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care.


A privacy breach is defined as unauthorized acquisition, access, use, or disclosure of protected health information (PHI) which compromises the security or privacy of the PHI.

PHI includes individually identifiable health information, including demographic information, whether oral or recorded in any form, that relates to the physical or mental health of a Member,  the provision of health care to that Member, or the payment for the provision of health care to that Member.

This generally means that a breach occurs when PHI is accessed, used, or disclosed to an individual or entity that does not have a business reason to know that information. The law does allow information to be accessed, used, or disclosed when it is related to treatment, payment, or healthcare operations directly associated with the work that we do at IEHP on behalf of our Members.

Report a Privacy Incident/Breach Click Here (By clicking on this link, you will be leaving the IEHP website).