HIPAA Privacy Policies and Procedures
DOEA is required by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to develop and communicate to clients a process for filing complaints about DOEA’s privacy practices or perceived violations of the Privacy Rule standards and implementation specifications.
This procedure describes how to file a complaint either directly to the Agency or to the Secretary of the Department of Health and Human Services.
Complaints may include violations of the Agency’s privacy practices and not just violations of the Privacy rule itself.
DOEA must receive and document complaints, but no response is required.
DOEA must document complaints and their disposition, if any, and retain the records for six (6) years.
DOEA may not threaten, intimidate or retaliate against any individual filing a complaint.
If DOEA denies an individual access to his/her PHI (Protected Health Information), DOEA must describe in its denial how the individual may complain to the Secretary of DHHS and the Agency. It must include the name or title and telephone number of the person or office to which complaints may be made.
If DOEA denies an individual’s request to amend his/her PHI, DOEA must describe in its denial how the individual may complain to the Secretary of DHHS and the Agency. It must include the name or title and telephone number of the person or office to which complaints may be made.
You will not be penalized for filing a complaint.
Contact Information for the Department of Elder Affairs
Contact Information for the U. S. Department of Health and Human Services, Office for Civil Rights
Violations must be reported to the DOEA Privacy Officer, Office of the General Counsel.
45 CFR 164.530
Return to Top