Seven Steps to Take When You Have A HIPAA Complaint

Post on 15-Jul-2015


7 Steps To Take When You Have A HIPAA Complaint

Jason Karn, Total HIPAA Compliance, LLC

What do you do when a client/patient contacts you about improper use of their PHI, and thinks they have a HIPAA Complaint?

When You Receive a Complaint

ONE

Open channels of communication

• Listen closely to what the client/patient is saying, what the issue is, and what kind of resolution they are looking for.

• Many times, listening can solve most of your problems, and will keep this person from filing a formal complaint with HHS.

TWO

Document the complaint

• Regardless of whether the person files a complaint with HHS, it’s important that you document what the issue was, when it occurred, and what information the person felt was released or used improperly.

THREE

Determine how many clients are affected

• If fewer than 500 people are affected, file a report with HHS within 60 days of the end of the calendar year.

• Breaches of over 500 persons’ information need to be reported to HHS within 30 days of discovery, or from when you should have known there was a Breach.

• These large Breaches also need to be reported to prominent local media outlets, and posted on your website.

FOUR

Fix the problem

• Sometimes this is easier said than done. (See Slide 1.) Once information has been released, it’s hard, if not impossible, to un-release it.

• Update your records to reflect that you’ve identified the problem and made the necessary changes.

FIVE

Reduce the impact

• Many providers give harmed clients/patients free credit monitoring for a year to help mitigate any issues they might come up against.

SIX

Review other similar situations

• If you do find there was an issue with your policies or actions of your workforce, you should audit similar records to make sure this is a one-time incident and not the proverbial ‘canary in the coal mine’.

SEVEN

Going forward

• This client/patient may still wish to use your services after the complaint. By law, you are NOT allowed to retaliate in any way.

• This may be uncomfortable for you and people in your agency/practice, but the reality is they might be doing you a favor by pointing out an error!

• If the situation does become a major issue, you can suggest that the client/patient might be more comfortable with another provider, but you cannot force them to make this change.

Need help responding?

TOTAL HIPAA COMPLIANCE

info@totalhipaa.com

800.344.6381

Copyright notice from Jason Karn, Total HIPAA Compliance, LLC

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

What does that mean?

You may freely share this slide deck in its entirety with anyone. Splitting up the deck or charging for the copies is out of bounds.

The original slide deck can be found at www.TotalHIPAA.com