February 13, 2011
Consumer concerns have increased over the past few years because of the dramatic changes in health care information and its’ delivery (Benfield, Ashkanazi, Rozensky 2006). Each day patients put their physical health and trust in the hands of health care providers. Unfortunately, there have been times when the treatment provided, whether accidental or intentional, has caused harm to the patient. Patients who have experienced injury have the right to lodge a complaint against that provider. Included in the possible reasons for civil complaints is the sharing of personal information, negligence, or assault. These injuries are considered civil wrongs and are covered under Tort Law. In recent years, with the advances in technology, patient privacy has become imperative. In order to protect patient privacy the Health Insurance Portability and Accountability Act of 1996 was enacted, and is part of the Department of Health and Human Services, regulated by the Office of Civil Rights. Health care providers must take care to protect the privacy of their patients at all times. HIPAA regulations provide a guideline to help protect not only the patient, but also employees, from divulgence of their personal information to non-involved third parties. Providers of health care should be acquainted with the rules and regulations that guide HIPAA and the subsequent violations. Information is necessary to provide adequate and correct patient care. The guidelines to protect patient privacy should be followed but are open for interpretation. Providers should be steered by professional principals and ethics (Lo, Dornbrand, Dubler 2005). Health care providers must understand the difference between privacy and confidentiality. Privacy is the right of individuals to keep personal information restricted. Patients decide who has access to their information. Confidentiality is how medical personnel deal with information once it has been disclosed. Patients’ believe that their health care providers will protect their privacy and use any personal information in an ethical manner (Ives, E, Millar, S. 2005). When providers of care breach that trust, patients may take action in the form of a formal complaint to the Department of Health and Human Services. When patients discover that their personal information has been unnecessarily shared, they may file a complaint against the physician, staff, or facility. To file a complaint, patients must follow the guidelines set by the local, state, or federal government. The process for a civil complaint to HIPAA begins with a written complaint, and can be in the form of a letter, fax or e-mail. Letters sent via mail or fax must be sent to the Office of Civil Rights regional offices. According to the Health and Human Services Department this form must include the name of the health care provider or facility, a description of the violation and be submitted in a timely manner, usually but not limited to 180 days. Supporting documentation, such as notarized witness statements should be included. The claim is then reviewed and a decision made whether the health care provider has violated the patients’ privacy. There are both civil and criminal penalties associated with disclosure of patient information. The Office for Civil Rights (OCR), a division of the Department of Health and Human Services, is responsible for investigating claims of privacy violations. According to the OCR, the guidelines for investigation include the timing of the allegation, if it took place after the rules for privacy protection took place, or after Aril 14, 2003 for privacy and after April 20, 2005 for security. A complaint must be filed against a facility or individual who is required, by law, to observe the Privacy and Security Rule such as a health plan or health care provider that electronically submits claims. Businesses exempt...