What Should A Patient Do If There is an Obvious HIPAA Violation?

A patient cannot sue a healthcare organization for a HIPAA violation and demand damages, even if the incident resulted in harm. However, it is still possible to take legal action against the provider and seek damages for a breach of state regulations. A number of states permit patients to file a lawsuit if the covered entity was unable to protect healthcare records because of negligence or a breach of an implied agreement. The complainant is, however, required to provide evidence that damage or harm resulted from the breach. Patients must be aware that this legal procedure may be costly and success isn’t guaranteed. Therefore, a patient should focus on what they expect to accomplish.

How Do You File Complaints for HIPAA Violations

When patients file complaints with the federal government, an investigation follows more often than not. If there is considerable proof to support the complaint that the HIPAA Rules were violated, steps may be taken against the healthcare provider. The actions taken depend on several elements: the nature of the violation, the severity of the violation, the number of people affected, and whether the violation of the HIPAA Rules was repeated.

The complainant can file a complaint with the Department of Health and Human Services’ Office for Civil Rights (OCR). Although complaints can be filed anonymously, OCR will not investigate a complaint against a covered entity unless the complainant is named and has provided contact information. A complaint should be filed before any legal action is taken against the covered entity. It must be filed within 180 days of learning about the violation. In some instances, this time period is extended. Many complaints can be settled in a number of ways, including issuing guidance, voluntary compliance, and corrective action by the covered entity.

A complaint can also be submitted to state attorneys general. They are officially permitted to pursue cases against HIPAA-covered entities that broke the HIPAA Rules. The complaint may be referred to the Department of Justice if there was a criminal violation of the HIPAA Rules. Issues involving individuals can also be submitted to professional boards such as the Board of Nursing or Board of Medicine.

How Do You File a Lawsuit for a HIPAA Violation

If you have been advised that your protected health information (PHI) has been compromised in a healthcare data breach, or you think your PHI was stolen from a particular healthcare company, you can take legal action against the breached entity to collect damages for any losses or harm sustained because of the breach. The first step is to submit a complaint concerning the breach to the HHS’ Office for Civil Rights. You can do this in writing or by using the OCR website. When submitting a complaint in writing, you need to use the official OCR complaint form, and you must keep a copy to give to your legal representative.

Then, you need to get in touch with a lawyer to take legal action against a HIPAA covered entity. You can find a lawyer through your state or local bar association. Look for a law firm or a lawyer who is an expert in HIPAA regulations to have the greatest chance of victory. Contact several law firms and talk to a number of lawyers before finalizing your decision.


There will undoubtedly be other people who are having the same problem, a number of whom may have previously taken legal action. You can also opt to join a current class action lawsuit. The more people involved, the more potent the legal case is going to be.

Numerous class action lawsuits have already been submitted on behalf of data breach affected individuals that have yet to encounter harm as a result of disclosure or theft of their personal data. The plaintiffs claim damages for harm that would occur in the future resulting from their data being compromised. Nevertheless, with no proof of actual harm, the likelihood of success is going to be considerably reduced.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/