How to Report HIPAA Violations
HIPAA violations are a serious problem; the privacy of individual medical records is an important right. Examples of a HIPAA violation include the publication of any medical records, such as on the Internet, unauthorized access to medical records by employees or outside personnel, unauthorized release of medical information to a patient's employer or the sale of an individual's medical records. If you feel that your privacy under HIPAA has been violated, there are steps to take in order to report this violation.
Other People Are Reading
Instructions
-
-
1
Decide if the violation is serious enough to warrant a report to the federal government. If it is, visit the U.S. Department of Health and Human Services' Web site, and file a complaint online within 180 days of the violation. It will be sent to the Office for Civil Rights, and your complaint will be addressed.
E-mail the Office of Civil Rights at OCRMail@hhs.gov if you have any questions about filling out the form; a representative will instruct you on the information you need to provide and how the form needs to be filled out. -
2
If you decide not to file a complaint with the federal government, there are still steps you can take to deal with the violation.
-
-
3
Visit the location where the violation occurred, and speak with the privacy or HIPAA officer, who is responsible for handling complaints about HIPAA violations. To speak with a HIPAA or privacy officer, call or visit the office and ask for that individual; every office covered by HIPAA will have a designated employee who handles privacy claims. Be prepared to submit information about the circumstances in writing.
Under HIPAA, retaliatory action cannot be taken against you for filing a claim, and you should notify the Office for Civil Rights if you experience retaliation as a result of the complaint.
-
4
Know your rights under HIPAA. It is much harder to tell if your privacy rights have been violated unless you understand how HIPAA protects you; under HIPAA, you have rights to access your medical information, and you must be notified of how your medical information is used, among other things.
If a doctor or health care provider violates HIPAA, filing a complaint with the federal government or the doctor's HIPAA officer is your best course of action to correct the violation.
-
1
