HealthLawProf Blog

Editor: Katharine Van Tassel
Case Western Reserve University School of Law

A Member of the Law Professor Blogs Network

Wednesday, September 26, 2012

Filing a complaint with HHS about a HIPAA violation: a warning about "how (not) to"

By HealthLawProf

I posted in June about the fact that my social security number (and possibly other personal information) had been downloaded to an unknown site in Eastern Europe as part of a large security breach from the Utah state health department, http://lawprofessors.typepad.com/healthlawprof_blog/2012/06/i-do-notusually-tell-personal-stories-in-scholarship-but-this-is-a-blog-and-imexperimenting-i-hope-my-story-will-beof-m.html.  In connection with that breach, I have filed a complaint with the Office for Civil Rights at HHS (OCR).

I thought readers might like to know, however, that the process of complaining about a HIPAA violation to OCR is cumbersome indeed.  There are forms available on line, here, http://www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaintform.pdf.  You can open them, and fill in information, but you can't save them.  If you close the form, you lose all the data. You also can't file them online--you have to print them out and fax them off.  (You are helpfully told, however, to "print out a copy for your records.")  I finally figured out that if you save the form to notepad before you fill it out, you can then email it to HHS--but this required a telephone call to the appropriate regional office of HHS.

When I pointed out to OCR that this process is not exactly user-friendly, they indicated that they are "working on it." Imagine someone without a home computer, or a home fax machine, or a home printer, using public library computers in the effort to reach OCR about what they regard as a significant problem with their health information. Surely in a world of blue buttons and digital Medicare strategies, see Responsive Design and the New Medicare.gov, http://www.hhs.gov/digitalstrategy/responsive-design-and-new-medicaregov.html, the ability to file a complaint about possible violations of health information security or confidentality should be an easier online process. 

[LPF]

https://lawprofessors.typepad.com/healthlawprof_blog/2012/09/filing-a-complaint-with-hhs-about-a-hipaa-violation-a-warning-about-how-not-to.html

| Permalink

TrackBack URL for this entry:

https://www.typepad.com/services/trackback/6a00d8341bfae553ef017c3227a91a970b

Listed below are links to weblogs that reference Filing a complaint with HHS about a HIPAA violation: a warning about "how (not) to":

Comments

Post a comment