
Health Insurance Portability and Accountability Act [HIPAA] - Filing a Complaint

Filing a Complaint

If an individual feels that a covered entity has violated his/her or some other individual's health information privacy rights, or has committed a violation of the Privacy or Security Rule, he/she may file a complaint with OCR (Office for Civil Rights). OCR can investigate the complaints filed against such covered entities.

Requirements for filing a Complaint

While filing a complaint, the following points should be borne in mind:

  • The complaint should be filed in writing, either on paper or electronically, by mail, fax, telefax or e-mail.
  • The complaint should name the covered entity involved in the violation of HIPAA and describe the acts or omissions that the individual believes resulted in the violation of the Privacy or Security Rule.
  • Where a violation pertaining to the procedures in HIPAA systems and processes has occurred, the complaint needs to be lodged within 180 days from the date of occurrence. The 180-day deadline can be relaxed only if the concerned individual can show "good cause", that is, a valid reason for the delay.

Anyone can file a complaint alleging a violation of the Privacy or Security Rule. For this purpose, it is recommended that the individual use the OCR Health Information Privacy Complaint Form Package. He/she can request a copy of this form from an OCR regional office.

Retaliation is strictly prohibited by HIPAA

Under HIPAA, an entity does not have the right to retaliate against an individual for filing a complaint. In case of any retaliatory action, the concerned individual should notify OCR immediately.

Procedures for submission of a Complaint

A complaint may be submitted using one of the methods described below:

If an individual wants to mail or fax the complaint, it is recommended to verify that the complaint is delivered to the appropriate OCR regional office, based on the location where the alleged violation occurred. OCR has ten regional offices, and each regional office covers specific states. The complaint should be addressed to the attention of the OCR Regional Manager.

If the complaint is lodged by e-mail, it is not mandatory to sign the complaint and consent forms, because submission by e-mail represents your signature.

If the complaint is handwritten on paper, the letter needs to be signed by the concerned individual to validate the complaint pertaining to the violation of HIPAA.
