My Health Privacy: What if my rights have been violated?

What should I do if I think my privacy rights have been violated?

Speak to the privacy officer. Every health care provider and health plan must appoint a privacy officer. You may be able to resolve the problem.
File a federal complaint. You can file a complaint through the U.S. Department of Health and Human Services, Office for Civil Rights, the agency enforcing the privacy law. Any healthcare provider or plan found in violation may be subject to fines from $100 to $250,000 and one to ten years in prison. You must file your complaint within 180 days of the incident. The complaint process and form are available from the Health Privacy Project at www.healthprivacy.org.

While the new federal health privacy law applies throughout the United States, it does not affect state laws that have stronger protections for patients. Any state law that has additional protections continues to apply. Check with the following offices about the laws in your state: state attorney general’s office, state insurance commissioner, and state medical board. These offices may be able to help you with any federal violations, as well as any additional state law violations of privacy rights. While you may be able to bring a privacy case in state court, you do not have a right to sue in federal court.

For additional information on the new health privacy law:

Department of Health and Human Service, Office of Civil Rights

Health Privacy Project