The Right to Privacy
The right to privacy concerning personal health records and information is a frequently discussed topic among medical professionals and providers. However, few patients really understand their rights relative to this sensitive data. Congress passed the Health Insurance Portability and Accountability Act to ensure your private information receives the level of protection it deserves and you expect.
As a part of this act, there are clear guidelines for how your information is to be handled and protected. There are also very specific penalties for any breach of this required security, including both civil and criminal consequences. Lastly, the law provides you with a way for reporting a HIPAA violation.
Reporting a HIPAA Violation Concerns: What to Do
If you suspect health records and/or information have been compromised in any way, you have a right to notify authorities of this situation. In fact, you should know that a medical provider is required by law to report any actual or suspected violations themselves. If you have a concern, such as finding your personal situation was discussed in front of others or your files thrown away without proper protection, you should report such a breach.
When reporting a HIPAA violation concerns, there are a number of basic requirements under the law. These include these elements:
- It must be filed in writing, whether on paper or electronically. This can include faxes, emails, or regular mail
- It must name the covered entity or provider and how you believe they breached your privacy or the security of your information and/or how they failed to comply with the Breach Notification Rules
- It must be filed within 180 days of when you knew of the violation (this can be extended another 180 days in certain circumstances)
There is a specific OCR Complaint Portal to make such reporting easier and secure. Additionally, it is worth remembering anyone can report such a violation, whether an individual, a caregiver, or even an employee of a covered entity. Also, you can take confidence in the fact that HIPAA also prohibits any covered entity or provider from retaliating against you for filing such a complaint.
Have you had to report a HIPAA violation?