 | LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH | | | Policy 504.01 HIPAA Privacy Complaints
| | Policy Category: Administrative | | Distribution Level: Directly Operated | | Responsible Party: Privacy Officer | | | | Approved by Marvin J. Southard, DSW, Director on August 1, 2004 | | Reviewed and updated by Patients' Rights Director, Health Information Officer, Privacy Officer on September 1, 2023 | |
|
| I. PURPOSE | | To ensure that the Los Angeles County Department of Mental Health (DMH) addresses clients' privacy complaints regarding the use or disclosure of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
| II. DEFINITIONS
| Breach: The term ‘breach’ means the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security, privacy, or integrity of the health information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. The HITECH Act clarifies that an unauthorized activity compromises the privacy or security of PHI or electronic PHI if it poses a significant risk for financial, reputational, or other harm to the individual.
Protected Health Information (PHI): PHI is individually identifiable information relating to the past, present, or future physical or mental health or condition of an individual, provision of health care to an individual, or the past, present, or future payment for health care provided to an individual.
| | III. POLICY
| | DMH shall protect the privacy of PHI in compliance with applicable law, as well as DMH’s policies and business practices.
All complaints related to privacy shall be investigated and resolved internally.
DMH shall communicate to clients who report privacy-related complaints that DMH’s privacy-related complaint process shall follow DMH Policy 506.03 Responding to Breach of Protected Health Information. Any client may file complaints regarding suspected violations of the HIPAA Privacy Rule by DMH workforce or business associates.
Anonymous complaints shall be permitted; however, insufficient detail may delay, hinder, or prevent a full investigation.
The HIPAA Privacy Complaint Form shall be made available upon request and on the DMH website. Individuals may file complaints concerning: -
Suspected violations in the use, disclosure, or disposal of their PHI; -
Denials of access to their PHI; -
Denial of amendments to their PHI; or DMH Policy 501.01 Client's Right to Access PHI and Confidential Data -
Retaliatory or intimidating actions. Complaints against DMH that do not fall within the categories described above will be handled in accordance with DMH Policy 200.04 Beneficiary Problem Resolution Process.
The complainant may exercise the right to have a representative intervene on their behalf and/or assist during the complaint processes.
The complainant may file a complaint with the Office of Civil Rights, U.S. Department of Health and Human Services at any time before, during, or after initiating the complaint process.
DMH shall not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against its workforce, including whistle blowers and clients, for filing complaints, and in accord with Policy 509.01 Disclosure of PHI by Whistleblowers and MDH Workforce Members who are Crime Victims.
| | IV. PROCEDURES
| | | | V. AUTHORITY
| Code of Federal Regulations, Title 45, §§ 164.502, 164.530
| VI. ATTACHMENTS
| | No attachments are associated with this policy. | |
|