I receive many questions and e-mails about possible violations of the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Regulations and Security Regulations, and breaches of confidentiality of medical records and medical information. I will attempt to explain and clarify this issue a little in this short blog.
More detailed information on HIPAA Privacy Regulations and Security Regulations, can be found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
There is no private cause of action allowed to an individual to sue for a violation of the federal HIPAA or any of its regulations. This means you do not have a right to sue based on a violation of HIPAA by itself. However, you may have a right to sue based on state law. See below.
1. File a HIPAA Privacy Complaint with the Office of Civil Rights (OCR).
As a first step, you may desire to file a HIPAA Privacy Complaint with the federal government. These are usually required to be filed within 180 days of the event (there are limited exceptions). They are usually all taken and fully investigated. If it is an egregious or a repeat violation, it may even result in an investigation by the Federal Bureau of Investigation (FBI) and criminal charges being filed against those responsible. However, in most cases if there is a valid complaint, the federal government will assess administrative fines against those responsible. In almost all cases, a report will be made back to you of what is found and what actions have been taken.
If you decide to file a HIPAA Privacy Complaint, this is done with the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (DHHS). You may do this online. The Complaint form is found at: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
If you follow this process and receive a finding that verifies the violation, you may find it easier to retain an attorney to take your case. Please note, there is only a very short period of time in which you are allowed to file such a complaint after you have discovered it. So be sure to do this right away.
2. File a Complaint Against the Physician Involved with the Florida Department of Health (DOH).
The Florida Department of Health (DOH) licenses all physicians, nurses and health professionals in the state of Florida. It is also responsible for investigating complaints against them. The various professional boards (Board of Medicine, Board of Nursing, etc.) are under the DOH.
If there was a violation or breach of patient confidentiality or medical records confidentiality, this may also be a violation of the state’s laws on patient or medical records confidentiality. This is true in most states, not just Florida.
If there was a violation or breach of patient confidentiality by a licensed health care professional, you may also file a complaint with the appropriate state licensing board or agency about this, as well. In Florida, for example, if a licensed health professional did this, you may decide to report this to the Florida DOH. If they are licensed in a different state, you may have to follow that state’s procedure for filing a complaint.
For Florida, you may call the Florida DOH at (888) 419-3456 or (850) 245-4339, or you may use the online complaint form found at: http://www.doh.state.fl.us/mqa/enforcement/enforce_csu.html
The Florida DOH will investigate the complaint and will usually have an expert witness review it. If there is a finding against the physician (or other licensed health professional) you can ask for a copy of the DOH expert’s report. This may result in your obtaining a free expert witness review of the case. The expert witness might even agree later to testify as an expert witness if there is a civil lawsuit filed (however, this is something your attorney would have to work out with the expert witness).
3. File Grievance or Report to Third Party Payer (Medicare, Tricare, VA, Insurance Co.).
If you are a Medicare patient, TRICARE/CHAMPUS patient, Veterans Administration (VA) patient, Public Health Service patient, or military patient, you may also report this to the Office of the Inspector General (OIG) of that specific agency.
If you are a member of a managed care plan or have health insurance, you may desire to file a member grievance or complaint with the insurance company. Every physician who accepts Medicare is subject to the Medicare Program’s peer review system. You may file a complaint directly with Medicare and ask for it to be reviewed by the Medicare peer review program.
More on HIPPA Violations to Come.
In a future blog, I will continue to explain and clarify HIPPA violations.
Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.
The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).
For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.
About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.