Patient Privacy Rights

About HIPAA Summit Media Contact DONATE

What can I do if I think my medical privacy has been violated?

Americans have the right to complain to the U.S. Dept. of Health and Human Services (HHS). You can also contact Congress.

Unless you can cite a law in your state that gives you the right to sue whoever violated your privacy, your only option is complaining to HHS. HHS investigates all complaints and reports any potentially illegal violations to the Department of Justice (DOJ) for further investigation. The DOJ may file charges on your behalf.

To date, more than 30,000 medical privacy complaints have been made to HHS. Only a handful of complaints were sent on to DOJ, because the vast majority of violations were found to be legal uses and disclosures of medical records as defined by HIPAA. (i.e., “routine” uses).

The DOJ has charged, prosecuted, and obtained a conviction of only one privacy violator to date. The case was one of identity theft based on identifiable information found in someone’s medical records.

We also encourage you to contact your elected officials.

If you’d like, Patient Privacy Rights will send a joint letter to your Congressman with a copy of your complaint.