How to File a HIPPA Complaint
The Health Insurance Portability and Accountability Act (HIPAA) expands protections of confidential health information beyond the traditional patient-physician privilege. HIPAA restricts disclosures by doctors, hospitals, psychologists, pharmacists, health insurers, Medicare, Medicaid and other “covered entities," requiring them to safeguard your information. Under the law, you may request and view your records, have your information corrected, and permit or decline the release of your information in most cases. You may file a complaint with the federal government if an entity fails to protect your health information.
Other People Are Reading
Instructions
-
-
1
Obtain a Health Information Privacy Complaint Form Package from the Office of Civil Rights. Follow the link on the U.S. Department of Health and Human Services (HHS) website for HIPAA (see Resources below) or contact your regional Office of Civil Rights. Look for "U.S. Department of Health and Human Services" in the blue pages of your telephone book or follow the link on the HIPAA website for the regional office. Print a copy of the form or complete the form on your computer if you have a portable document file (pdf) reader or program, such as Adobe Acrobat.
-
2
Provide the information requested on the form. Identify the name and address of the physician, hospital or other “covered entity,” the actions you believe violated HIPAA and when and how the violation occurred. Explain why you believe the actions violate HIPAA. For instance, state if a health provider denied you access to your records or if someone released information without your permission. Describe the health information released. Sign the complaint, unless you submit it by email.
-
-
3
Mail or fax the complaint form to the Office of Civil Rights that covers your state. Locate the regional office on the back of the form. If you completed the form on the computer, email the form to OCRComplaint@hhs.gov. Print or save a copy of the completed complaint for your records.
-
1
Tips & Warnings
You may use your own format. Include your name, address, phone numbers and email address, as well as the name, address and phone numbers for the doctor or other "covered entity." Describe briefly the violation. Sign and date the complaint.
If OCR determines that a covered entity violated HIPAA, the OCR may resolve the case with the entity or impose civil penalties, which are paid to the government, not the complaining person.
Notify the Office of Civl Rights if you believe a covered entity retaliates against you, such as by denying service, because you filed a complaint.
You must file your complaint within 180 days after you first learned or knew of the violation. Or, you may ask the Office of Civil Rights to extend the time if you have a “good cause.” According to the Office of Civil Rights' website, good cause includes circumstances which make it impossible for you to meet the deadline.
The HIPAA privacy and security rules often do not apply to organizations such as your life insurance company, schools or school districts and law enforcement agencies.
References
- United States Department of Health and Human Services: Office of Civil Rights: How to File a Complaint
- United States Department of Health and Human Services: Office of Civil Rights: Complaint Form: Department of Health and Human Services: Office of Civil Rights
- United States Department of Health and Human Services: Office of Civil Rights: For Consumers
- United States Department of Health and Human Services: Office of Civil Rights: Summary of privacy rules: Department of Health and Human Services
- United States Department of Health and Human Services: Office of Civil Rights: What OCR Considers
Resources
- Photo Credit chart image by Byron Moore from Fotolia.com
