The Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act, commonly known as HIPAA, requires the confidentiality of personal protected health information. The U.S. Department of Health and Human Services (HHS), Office for Civil Rights, enforces HIPAA rules and requirements.
Contrary to popular belief, HIPAA does not allow an individual to sue for violations. Instead, an individual who believes a HIPAA violation has occurred must file a complaint with HHS, which then investigates. The complaint must be filed within 180 days of when the person knew or should have known of the violation. Information regarding filing a complaint can be found at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.
Phoenix Cardiac Surgery, P.C. recently agreed to pay $100,000 to settle allegations made by HHS related to a HIPAA violation. A complaint was made alleging that the medical group posted patient appointments on an Internet calendar that was publicly accessible. The settlement also requires the group to submit a plan to remedy the issue and to show that all employees took required training.