How do I report HIPAA violations




















Unfortunately, this may also dissuade individuals from making genuine complaints. A further reason is that, if an individual is making a complaint about a privacy violation, it is important OCR knows whose privacy has been violated. Complaints to a Privacy Officer can relate to privacy violations, breaches of process, or any other administrative issues. You may also be able to take legal action if your privacy has been violated and claim compensation for a HIPAA violation.

You are also likely to have to demonstrate that you have suffered harm or a verifiable financial loss due to an unauthorized disclosure of your health information or other privacy violation. Whether or not it is possible to report a HIPAA violation anonymously via these options may depend on individual policies and state laws. Smaller companies may assign the Compliance Officer role to another employee who carries out this function in addition to other responsibilities.

Patients can also report their complaints directly to the OCR, as they are under no obligation to contact the covered entity first. Once again, complaints or reports of suspected HIPAA violations must be made within days of discovery of the problem. Precise information such as dates should be included if known, with the overall report being made in as concise and relevant a manner as possible.

The OCR will then consider the complaint and determine whether the information provided points to a potential HIPAA violation that warrants further investigation. It should be noted, however, that the OCR has stated that they will not commence an investigation into a covered entity unless the complainant is named and has provided contact details.

The OCR must be notified if covered entities try to take retaliatory action against complainants, as this is illegal. Submit your complaint. After you have completed both the complaint and consent forms (again, the first four pages of the form package), you have several options for submitting your complaint to OCR: [9] You can print out the completed forms and either mail or fax them to the appropriate regional OCR office (the OCR office in the region where the violation occurred).

OCR provides a list of contact information for its regional offices online. Method 2. Submit a written complaint. If you don't want to use the official form package OCR provides on its website to report a HIPAA violation, you can also just write out a complaint in your own format. You will then submit the written complaint in the manner you would submit the official form: by mail or fax to the relevant regional office, or by e-mail.

The name, street address, and telephone number of the entity you believe committed the violation. A brief description of the violation, specifically the how, why, and when of the violation. Your signature and the date of the complaint.

If you are filing the complaint on behalf of another person, you must include that person's name as well. Submit a complaint online. You will be given the option to print out a copy of your complaint. Method 3. File a complaint against a "covered entity." Hospitals, clinics, nursing homes, pharmacies. Health-insurance companies, company health plans. Government healthcare programs such as Medicaid or Medicare. Know who you cannot report.

Just as there are certain entities that are covered by HIPAA's provisions, there are those that are not bound by its rules and therefore incapable of violating them. OCR will not investigate a complaint filed against the following entities: [16] Employers, life insurers, workers' compensation carriers.

Many state agencies, such as those dealing with child-protective services. Many law-enforcement agencies. Many municipal offices. Know what information is protected. The HIPAA Security Rule requires any covered entity that stores your healthcare information in electronic form to have taken the appropriate security measures to protect that information from unauthorized access. Conversations your doctor has with other healthcare professionals regarding your care or treatment.

Billing information at your clinic and personal information held by your health insurer. Know what covered entities are required to do to protect your information. HIPAA requires covered entities to put in place certain measures and take certain action to ensure that your healthcare information is protected from unauthorized access or disclosure. Limit use and disclosure of your health information to only that which is necessary.

Establish procedures to limit access to your health information. Train employees on how to protect your health information. Know your rights. HIPAA also gives each individual certain rights over their own healthcare information.

Any covered entity must respect and comply with these rights. Having your health records corrected as appropriate. Deciding if your health information can be shared for other purposes, such as marketing.


