The HIPAA law was created back in 1996 to help protect patients from having their personal medical information leaked into the wrong hands. With the HIPAA law, doctors and medical professional are not allowed to share a patient’s medical history or personal information with other companies, medical institutions, or individuals. This means that test results can no longer be left on voicemails or with a patient’s spouse or other family member, unless the individual gives their consent. On April 14, 2003, the HIPAA law became federally enforced, and companies found to have broken the law can face serious consequences.
There are a lot of nuances associated with the HIPAA law, but it mostly centers on keeping patient information private. Most medical institutions have created best practices and installed policies to ensure they follow HIPAA regulations, but that doesn’t mean that mistakes don’t occur.
If you believe that a HIPAA violation has occurred, you need to follow these steps.
Know the laws.
It’s important to understand that anyone can file a claim. You don’t have to be a medical professional to do so. For example, if you are a patient and you know for a fact that your doctor violated the HIPAA law, it’s perfectly acceptable for you to file a complaint against them.
Some people decide not to file a complaint because they fear retaliation, but under HIPAA law, no entity or individual can retaliate against you for filing a claim. For example, if you witnessed a HIPAA violation in the medical entity you work at, your boss cannot fire you for filing the complaint. This is retaliation, and you are protected from this under the law. Fear of retaliation is not a valid reason to not file a claim. If you witnessed a HIPAA violation, do the right thing and report it.
Contact your company’s HIPAA department.
If you are a medical associate who performed or witnessed a HIPAA violation, the very first thing you need to do if you or someone else has violated the HIPAA law is to contact your company’s HIPAA department. Most healthcare institutions have created these departments to train employees and ensure the policies are being followed. If your company does not have a HIPAA department, the next best thing is to contact your company’s HR department and make them aware of the violation. They will then either handle the violation on their own, or provide you with the information you need to file a complaint.
File a complaint.
If your HR department wants you to file the complaint yourself, or if you simply want to take matters into your own hands because you don’t work in the medical field, the next step would be to file a complaint with the US Department of Health and Human Services. This complaint can be filed either in writing or sent electronically. You will want to ensure that the name of the individual or entity that performed the violation is listed, and describe the act in detail that was performed that violated the HIPAA law. If you have any documentation to prove your claim, you should also send this documentation along with your complaint.
It’s very important that you file this claim within 180 days of the violation. This not only improves the speed of the resolution, but it also provides a better case to prove a violation occurs.
