If you believe that your health information has been breached, there are a few steps you can take:
- Confirm the breach:
- First, you should confirm that there has actually been a breach. This might involve contacting your healthcare provider or the organization that you believe may have had a breach.
- Report the breach:
- If you confirm that there has been a breach, you should report it to the appropriate authorities.
Depending on the situation, this might include your healthcare provider, your insurance company, or law enforcement.
To file a complaint you will have to fill up the Health Information Privacy & Security Complaint Form Package PDF.
File a complaint if the following information has been affected:
- Information your doctors, nurses, and other health care providers put in your medical record
- Conversations your doctor has about your care or treatment with nurses and others
- Information about you in your health insurer’s computer system
- Billing information about you at your clinic
- Most other health information about you held by those who must follow these laws
Complete as much information as possible, including:
- Information about you, the complainant
- Details of the complaint Any additional information that might help OCR when reviewing your complaint
You will then need to electronically sign the complaint and complete the consent form.
After completing the consent form you will be able to print out a copy of your complaint to keep for your records.
You will need Adobe Reader software to fill out the complaint and consent forms. At the end of the form you will have to sign it and give your consent.
You may either:
MAIL: Print and mail the completed complaint and consent forms to:
Centralized Case Management Operations U.S. Department of Health and Human Services
200 Independence Avenue,S.W. Room 509F HHH Bldg.
Washington, D.C. 20201
OR
EMAIL: Email the completed complaint and consent forms (PDF) to:
The HHS will contact you to follow up or request more information.
The HIPAA Privacy Rule is a federal law that gives you rights over your health information and sets rules and limits on who can look at and receive your health information.
The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral.
The HIPAA Security Rule is a federal law that requires security for health information in electronic form. In addition, the Patient Safety Act and Rule establishes a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues, and provides confidentiality protections for patient safety concerns.
Anyone can file a health information privacy or security complaint.
For more visit: HHS Gov
