Filing a Complaint
How to File a HIPAA Health Information Privacy or Security Complaint
If you think that a HIPAA-covered entity or its business associate has breached your (or someone else's) health information privacy rights or violated the Privacy, Security, or Breach Notification Rules, you can file a complaint with the Office for Civil Rights (OCR). OCR investigates complaints against covered entities (like health plans, health care clearinghouses, or electronically transmitting health care providers) and their business associates.
Anyone can file a health information privacy or security complaint. Your complaint must:
- Be filed in writing by mail, fax, e-mail, or via the OCR Complaint Portal
- Name the covered entity or business associate involved, and describe the acts or omissions, you believed violated the requirements of the Privacy, Security, or Breach Notification Rules
- Be filed within 180 days of when you knew that the act or omission complained of occurred. OCR may extend the 180-day period if you can show "good cause"
How to File an OSHA Safety or Health Complaint
An employee or their representative, who believes they faced retaliation for disclosing HIPAA-protected information while reporting or complaining about workplace safety or health issues, can file a complaint with OSHA within 30 days of the retaliation.
You should file the complaint with the OSHA office in the area where you live or work that handles enforcement. Alternatively, you can file it with any OSHA officer or employee.
For more information, contact your closest OSHA Regional Office.
Knowledge Check Choose the best answer for the question.
2-8. An employee, or representative of an employee, who believes he or she has been retaliated against for disclosing HIPAA-protected in the course of reporting a complaint about workplace safety and health may file a complaint with OSHA _____.
You forgot to answer the question!