Filing a complaint against a covered entity or business associate due to them violating your health information privacy or because they committed another violation of the privacy act is very easily done with OCR. A covered entity is a health care provider that conducts specific health care transactions electronically. A business associate is someone that preforms functions on behalf of a covered entity that have access to protected health information. The first thing a patient needs to do is get in touch with OCR and explain the situation then once OCR has the whole story they can start an investigating the complaints against the covered entity or business associate.
There are a few steps that are required in order to file a proper complaint. First, the complaint needs to be filed in writing. It can either be electronically written via the OCR complaint portal, by mail, or by email. Second, the names of the covered entity or business associate involved. Lastly, the complaint must be filed within 180 days of the incident.
If you go past the 180 days but have a good case there is a chance that OCR could extend the period. Anyone can file a complaint against a covered entity or a business associate it doesn’t matter if you are a patient or an employee. Also, under the HIPAA law a covered entity cannot retaliate against anyone that files a complaint.
This is important to know because people may hesitate on filing a complaint because they don’t want that person to come back at them. It is important that all incidents be documented because if it happened one time it could happen again and that wouldn’t be good for the business. Breaking the HIPAA law is a very serious act that needs to be stopped before something serious happens to the person whose information was violated.
File your complaint electronically via the OCR HIPAA Complaint Portal
File A Security Rule Complaint using HIPAA complaint package