What is HIPAA Violation Reporting?

The Department of Health and Human Services is responsible for investigating reports of violations of the HIPAA regulations. Anyone can report activity that he or she believes violates the HIPAA Privacy Rule or the HIPAA Security Rule. HIPAA violation reporting is subject to several requirements. These requirements are discussed in greater detail below.

HIPAA Violation Reporting: Rules for Patients

Covered entities are required to have patients sign a Notice of Privacy Practices that explains how the patient’s information may be used and disclosed, and the patient’s rights.

The Notice of Privacy Practices (NPP) must contain language explaining a patient’s right to report a suspected HIPAA violation. The NPP must also contain language notifying a patient that they may file a complaint with a provider if the patient believes his or her privacy rights have been violated. The NPP must provide the name and contact information of the person to whom the patient should send the complaint. The NPP must also state that the patient will not be subject to retaliation for the patient’s HIPAA violation reporting. Finally, the NPP must advise a patient that he or she may also file a complaint with the Secretary of Health and Human Services.

HIPAA Violation Reporting: Rules for Employees

Patients are not the only individuals who engage in HIPAA violation reporting. Members of a provider’s workforce, and business associates, may also engage in HIPAA violation reporting. Under the HIPAA Privacy Rule, providers must provide a process for individuals to make complaints concerning provider compliance with the HIPAA regulations. HIPAA leaves the exact steps to be followed under the reporting process to the discretion of the provider. However, whatever the provider concludes at the end of the investigation must be documented in the complaint, including how the issue was resolved.

Retaliation for HIPAA violation reporting is prohibited. Covered entities and business associates may not