- The complainant, with or without the assistance of a Patients' Rights Advocate (PRA), completes and submits the Health Insurance Portability and Accountability Act (HIPAA) Privacy Complaint Form to the Patients’ Rights Office.
- Upon receipt of a completed HIPAA Privacy Complaint Form, the Patients’ Rights Office staff shall log the information.
- PRA staff shall give a copy of the complaint to the DMH Privacy Officer for review and processing.
-
In accord with DMH Policy 200.04 Beneficiary Problem Resolution, PRA shall: - Provide to the complainant receipt of the complaint
- The acknowledgment shall:
- Include the date of receipt
- Provide the name, telephone number and address of the DMH representative the complainant may contact
- Inform the complainant within five (5) business days that their complaint has been received, by letter or phone call.
- The DMH Privacy Officer shall contact entities required in the HIPAA privacy complaint process.
- If the information results in a breach, the DMH Privacy Officer shall provide written notification of the breach to the client within thirty (30) business days of receipt.
- The Privacy Officer shall follow all applicable steps in accord with Policy 506.03 Responding to Breach of Protected Health Information.
- The Patients’ Rights Office shall consult with the DMH Privacy Officer, as needed.
- The DMH Privacy Officer shall conduct any additional investigation deemed necessary or appropriate, in their discretion.
- The DMH Privacy Officer shall consult with County Counsel as needed.
- All documents required to be created or completed under this policy and procedure shall be retained for a period of at least 10 years from the date of creation.
| |
|
