Process for Dealing with a Patient HIPAA Complaint

Anyone can file a complaint if they feel their rights under the HIPAA Privacy, Security, or Breach Rules have been violated. They can file a complaint with the covered entity or business associate involved, or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (the OCR). The HHS.gov website has a full page dedicated to filing a complaint and is one of the first listings to appear if someone performs an internet search for “filing a HIPAA complaint”.

Appropriately handling the patient’s complaint by taking it seriously, investigating, and responding may help decrease the risk of the OCR launching an investigation into your pharmacy. Additionally, if an investigation does occur, following the steps listed below can help ensure that your pharmacy would have all the required information documented to prove you handled the situation pursuant to the HIPAA Rules.

Steps to follow if a patient believes their HIPAA rights have been violated:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Have the patient fill out a HIPAA Complaint Form
- PAAS National^® members with the Fraud, Waste, and Abuse (FWA) and HIPAA Compliance Program can use the HIPAA Patient Complaint form in Appendix B of their Policy & Procedure Manual (P&P Manual)
The pharmacy’s HIPAA Privacy Officer should review the complaint form to determine if a violation or breach occurred
- FWA/HIPAA Compliance members should review section 10.9 of their P&P Manual regarding complaints
The Privacy Officer should document the relevant facts of their investigation as well as efforts to mitigate harm to the patient, sanctions that have been applied, or any policies or procedures that need to be revised or updated
- Staff must be trained on all revised policies and procedures, and proof of training maintained
If a breach occurred, notifications must be sent out to the patient via First class letter, the Secretary of HHS, and, possibly, the media
- Section 10.14 of the FWA/HIPAA Compliance Program P&P Manual discusses breach notifications in further detail, including: required notifications, content, timeline, and other nuances of each notification; PAAS analysts are also available to discuss these notifications with FWA/HIPAA Members if further clarification or guidance is needed

If HIPAA Rule violations are found during an OCR investigation, the pharmacy can be forced to pay civil money penalties and can even be held accountable for an employee’s failure to adhere to company HIPAA policies and procedures. Additionally, individuals accessing or utilizing protected health information inappropriately can be charged civil money penalties or even face criminal charges (and jail time!) for violating the HIPAA Rules.

PAAS Tips:

The OCR takes HIPAA complaints seriously and can investigate your pharmacy to ensure you are compliant with all HIPAA Rules; be sure you have appropriately documented your response to all HIPAA complaints and maintain all documents related to HIPAA for a minimum of six years
Routine HIPAA Compliance Audits can also be carried out by the OCR without a prior patient complaint – make sure you have appropriate policies and procedures in place to be fully adherent to all HIPAA Rules
All staff with access to protected health information should be knowledgeable about HIPAA Rules, your pharmacy’s HIPAA policies and procedures, and sanctions for violating the Rules
HIPAA training tailored specifically to independent pharmacies, as well as personalized assistance from a member of the PAAS analyst team, is included as part of a PAAS FWA/HIPAA Compliance Program membership

Author
Recent Posts

Sara Hathaway, PharmD

Analyst at PAAS National^®

After graduating from UW-Madison's School of Pharmacy with my PharmD, I spent my first eight years at an independent pharmacy dividing my time between both retail and long-term care. I fell in love with the independent pharmacy world and joined the PAAS team to help independents not only survive, but thrive.

I enjoy assisting pharmacy staff both pre- and post-audit and enjoy providing them with knowledge and tools to decrease audit risk going forward. I write articles for Third-Party Newsline each month and answer member questions daily. I look forward to building professional relationships with each of our members and assisting you with your next audit.

Latest posts by Sara Hathaway, PharmD (see all)

Numerous Sumatriptan Formulations Cause Headaches for Pharmacies, & Potential Recoupments - April 14, 2024
Be on the Lookout for Eye Drops Requiring Extra Billing Consideration - March 16, 2024
Employer Pays $4.75 Million after Employee Stole, then Sold, Protected Health Information - March 5, 2024