Today’s letter is C, “C is for Complaints.”
A covered entity must have a procedure for individuals to file a complaint regarding its privacy practices or for an alleged violation of the Privacy Rule.71 The Notice of Privacy Practices must contain contact information for the covered entity’s privacy officer and information on how to submit a complaint to the Office for Civil Rights.
The privacy officer or designee investigates all complaints involving privacy of protected health information and should maintain records on the complaints and their resolution. The Privacy Officer will determine whether or not there has been a violation or a breach of unsecured PHI.
On behalf of the covered entity the Privacy Officer responds to inquiries initiated by the Office for Civll Rights as it investigates complaints.
Under the HIPAA Rules there is a no retaliation for making a privacy complaint.
This is your HIPAA ABCs brought to you by HIPAA Associates. Contact us for more information on this important topic. Follow us on Facebook and Twitter.