8. How do you report a HIPAA violation?
Answer: If you believe that a health care organization, such as a Covered Entity (CE) or Business Associate (BA), has violated an individual’s health information privacy rights or committed a violation of the Privacy, Security or Breach Notification Rules, then you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) by visiting the following:
Please note the following regarding filing a HIPAA complaint:
Your complaint must:
- Be filed in writing, either electronically via the OCR Complaint Portal, or on paper by mail, fax, or e-mail;
- Name the covered entity or business associate involved and describe the acts or omissions you believe violated the requirements of the Privacy, Security, or Breach Notification Rules; and
- Be filed within 180 days of when you knew that the act or omission complained of occurred. OCR may extend the 180-day period if you can show "good cause."
Anyone can file a complaint alleging a violation of the Privacy, Security or Breach Notification Rules.
Also, under HIPAA, an organization cannot retaliate against you for filing a complaint. You should notify OCR immediately in the event of any retaliatory action.
Download HIPAA Policies and Compliance Toolkits Today
hipaapoliciesandprocedures.com also offers industry-leading HIPAA toolkits for both Covered Entities (CE) and Business Associates (BA) consisting of high-quality security policies and procedures, training material, readiness checklists and templates, essential legal forms, a HIPAA-specific disaster recovery manual, and so much more. Learn about our industry-leading HIPAA compliance toolkits today.