The complaint process

Patients who believe their Protected Health Information (PHI) has been breached can file a complaint with federal Office of Civil Rights(OCR). OCR may investigate complaints against covered entities and their business associates.

Complaint Requirements

A complaint must:

Be filed in writing, either electronically via the OCR Complaint Portal, or on paper by mail or fax;
Name the covered entity or business associate involved and describe the acts or omissions believed to violate privacy, security, or breach notification rules; and,
Be filed within 180 days of knowing that the alleged act or omission occurred. OCR may extend the 180-day period.

Anyone Can File

OCR recommends that complaints be filed through its Complaint Portal or throught its Health Information Privacy Complaint Form Package. Those needing help may e-mail OCR at [email protected].

HIPAA Prohibits Retaliation

Under HIPAA an entity cannot retaliate against a patient for filing a complaint.

How to Submit Complaints

To submit a complaint, please use one of the following methods:

File your complaint electronically via the OCR Complaint Portal
File A Complaint Using Our Health Information Privacy Complaint Package
File A Complaint Without Using Our Health Information Privacy Complaint Package

File A Security Rule Complaint

If you mail or fax a complaint, please type or print, sign, and return completed complaint form package (including consent form) to the OCR Headquarters address below. You do not need to sign the complaint and consent forms when you submit them by email because submission by email represents your signature.

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

Train Senior Leaders in Privacy & Data Security Management

November 13, 2023 No Comments

Managing privacy and data security across an organization requires its own expertise — and adequate training designed for privacy managers is essential. In fact, federal

Here’s Guidance on Privacy Security from Remote Locations

November 13, 2023 No Comments

Remote work presents its own set of security risks, relating to the safe keeping of private information. However, the use of Virtual Private Networks and

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

MyHIPAA Guide 2023 Privacy and Security Course Catalog

June 30, 2021 No Comments

Interested in privacy and security training under the Health Insurance Portability and Accountability Act (HIPAA)? Our course catalog includes more than 25 courses on all

Upcoming Events

Username or Email

Password

Keep me signed in

Lost your password?

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY: (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.