• E-mail
• Print
• RSS

How to handle an OCR investigation and other patient complaints

HIPAA Training Advisor, October 29, 2007

A disgruntled patient accuses you of failing to protect her PHI, thereby violating her rights under the HIPAA privacy rule, but rather than complaining directly to you, the patient goes straight to HHS' Office of Civil Rights (OCR) to air her grievances. Soon, you receive a letter from OCR outlining the complaint and demanding that you explain your actions and what you plan to do to resolve the situation.

"There are times when healthcare providers are blindsided by these complaints," says Mary D. Brandt, MBA, RHIA, CHE, of Brandt & Associates in Bellaire, TX. Patients are not obligated to complain to the healthcare provider before submitting a grievance to the federal government-they can bypass the provider and go straight to OCR.

Gather information carefully

If you receive a complaint directly from OCR, you may need to contact the patient to obtain more information about the problem. This situation requires tact and diplomacy, especially because the patient may be irritated and feel that you have not treated him or her fairly. Be sure to approach the patient in a nonconfrontational manner. Healthcare entities should contact the patient by telephone and discuss the alleged breach of privacy in a friendly, empathetic manner.

"Without all the necessary information, it is virtually impossible to adequately investigate the event," says Brandt. Although OCR provides a copy of the actual patient complaint, the amount of information varies based on a number of factors. These include the patient's ability to effectively communicate the circumstances of the event, as well as the patient's education level, she says.

Healthcare providers must have a central point of contact for all complaints and OCR notification letters. All staff members involved with customer service, registration, or your front office must know who is in charge of handling complaints and should immediately forward any complaints received to that individual.

Respond quickly

"The last thing you want is for an OCR notification to sit on the desk in a busy clinic. The clock is ticking, and a quick response is essential," says Brandt.

Respond swiftly and document your response including any action taken and any changes to existing procedures. If you fail to respond within the specified time, OCR will contact you again. "The OCR will not just drop the matter if you don't answer. And the longer you take to get back to them, the less patient they will become," Brandt says. She reminds facilities that OCR can impose financial penalties of $100 per violation and up to $25,000 per year.

Brandt recognizes that it is unrealistic to think that you will make every patient happy. However, if you do your best to rectify problems in a timely and sensitive manner, OCR will take that into consideration.

• E-mail to a Colleague
• Print
• RSS
• Archive