Refraining from intimidating or retaliatory acts
The policy also describes how the university will address such complaints.Back to top Where required by law or regulation, the university will inform individuals, through the method stipulated in the law, of their right to make a privacy complaint to IU and/or applicable government or regulatory officials.If no documentation is held, the covered entity will be required to submit a statement to that effect.
The purpose of this policy is to outline Indiana University's approach to providing a mechanism for individuals to submit complaints regarding IU’s privacy practices.
Most covered entities have relatively clear-cut HIPAA compliance requirements, the rules vary significantly from one GHP to the next depending on the services the plan provides and the information it shares with the plan sponsor.
GHPs can take a number of steps to reduce their exposure to OCR penalties and audits—and to ensure that they’re doing everything appropriate to comply with the latest Omnibus Rule requirements.
And with the launch of that organization’s online complaint form, it’s easier than ever for someone to report suspected violations of HIPAA privacy or security rights, which often result in an OCR investigation In 2013, 93% of the complaints filed were determined to result from a violation and 26% of those resulted in OCR corrective actions plans.
The HITECH Act gave state attorneys general (SAG) jurisdiction to file civil suits on behalf of their citizens who claim HIPAA violations.
OCR may decide to audit a covered entity on one or more modules, depending on the type of organization.