HIPAA Violations: Self-Help and First Steps When Your Medical Information Has Been Disclosed



So you believe your doctor or a hospital has violated your medical privacy rights, but you don’t know what to do. Well, the good news is there are simple steps you can take to begin fixing the violation of your medical privacy rights.

The first step you should take before contacting a lawyer is to file a complaint with the U.S. government agency responsible for investigating HIPAA violations and enforcing HIPAA regulations. That agency is a subdivision of the Department of Health and Human Services called the Office of Civil Rights. You can read about the complaint process here. And you can file a complaint online with the Office of Civil rights here. Follow the online process and file a complaint. Do note that they request you do this within 180 days of the breach of your medical privacy, but regardless of when it happened, you should do the complaint. You should keep a copy for your records and for an attorney should you hire one. You will be contacted by the Office of Civil Rights and notified that the investigation has begun and then you will be notified when the investigation is complete. Once the investigation has been completed, you will know if the Office of Civil Rights found that a violation has occurred and what action they have taken against that medical provider.

The second step you should take before contacting a lawyer is to write out your complaint in a letter or email and send it to the medical provider or hospital you believe that violated your HIPAA or medical privacy rights. By law, every medical provider who must comply with HIPAA’s protected health information regulations must designate a person or office responsible for receiving HIPAA and medical privacy violation complaints. Once a medical provider is notified of a complaint, they must investigate, and notify the Department of Health and Human Services, affected individuals whose privacy may have been breached, and sometimes the media. This is required by something called the Breach Notification Rule. The place you report it to must conduct an investigation and must notify you of the results of the investigation.
Keep copies of any complaints you write, any emails you send or receive related to the complaints, and any letters or documents you may receive from any entity regarding their investigations.

Before you contact a lawyer, take these two steps and you are on your way to getting the justice you deserve. Your actions can prevent violations like this from happening to you and other people in the future.

The McKenzie Law Firm has been representing victims of medical privacy violations for years. If you have followed these two steps and still wish to pursue legal action against the medical provider, please contact our firm.

Alistair McKenzie

J. Alistair McKenzie is a champion for the people and has made a name for himself as a vigorous protector of their constitutional rights. To him, the law is not a job, it’s a calling to combat injustice in society. Learn more about Alistair or contact him to discuss your case.

Your Journey Back to Stability Starts Now.