• E-mail
• Print
• RSS

Civil rights office receives 637 HIPAA privacy complaints

HIPAA Weekly Advisor, June 27, 2003

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

HHS' Office for Civil Rights (OCR), which enforces the HIPAA privacy rule, has received 637 privacy complaints. The office began accepting complaints after the April privacy compliance deadline, and its figures reflect those complaints received through the middle of June, according to data presented to the National Committee on Vital and Health Statistics (NCVHS) at its June meeting.

Of those complaints, OCR has accepted 260 for investigation. The office closed 124 without further investigation and hasn't yet decided whether to investigate the remaining 253 complaints.

Stephanie Kaminsky, JD, the OCR liaison to the NCVHS, says OCR accepts a complaint for investigation when it determines that, if substantiated, a complaint represents a HIPAA violation. It rejects cases that would not constitute a violation. It has most often closed cases that refer to events that happened before the April privacy compliance deadline. The following are the top reasons for complaints that it has accepted:

• Patient denied access to his or her medical records
• No notice of privacy practices provided to patients
• Inadequate privacy safeguards in place in treatment settings

In addition, Kaminsky told the committee, it has received several HIPAA privacy complaints from employees reporting the organization where they work. "I don't know if it's full-fledged whistleblowing, but it's along those lines," she said. OCR is still developing criteria for when to refer a complaint to the Department of Justice for criminal prosecution. She said she knows of no complaints to date that have been referred for prosecution.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive