The third and fourth pages comprise a consent form, which you can fill out to authorize OCR to access your personal information while the office investigates your complaint. The last four pages provide information on what OCR can do with your personal information, how it will be protected, and when it can be disclosed.

If you are completing the form for someone else, check the relevant box and write in that person’s name in the appropriate section.

When describing the nature of the violation, you should be as specific as possible. You don’t need to use complex, legal language or reference the HIPAA statute itself. Simply write down the sequence of events you believe led to the violation, and then provide as much detail as you can about the violation and how it has affected you. If you need additional space than that provided, you can attach additional pages.

Complete all, some, or none of this section as you wish.

Consent is entirely voluntary, but OCR warns that failure to provide consent can impede its investigation and ultimately close it. [8] X Trustworthy Source US Department of Health and Human Services Federal department responsible for improving the health and well-being of Americans Go to source

You can print out the completed forms and either mail or fax them to the appropriate regional OCR office (the OCR office in the region where the violation occurred). OCR provides a list of contact information for its regional offices online. You can e-mail the completed forms to OCR at OCRComplaint@hhs. gov.

Your name, street address, telephone number, and e-mail address. The name, street address, and telephone number of the entity you believe committed the violation. A brief description of the violation (specifically: the how, why, and when of the violation). Your signature and the date of the complaint. If you are filing the complaint on behalf of another person, you must include that person’s name as well.

You will be given the option to print out a copy of your complaint.

Doctors, psychologists, chiropractors, dentists. Hospitals, clinics, nursing homes, pharmacies. Health-insurance companies, company health plans. Government healthcare programs such as Medicaid or Medicare.

Employers, life insurers, workers’ compensation carriers. Many schools/school districts. Many state agencies, such as those dealing with child-protective services. Many law-enforcement agencies. Many municipal offices.

Information placed into your medical record by a healthcare provider. Conversations your doctor has with other healthcare professionals regarding your care or treatment. Billing information at your clinic and personal information held by your health insurer.

Establish safeguards to protect your health information and not use/disclose your health information in an improper way. Limit use and disclosure of your health information to only that which is necessary. Establish procedures to limit access to your health information. Train employees on how to protect your health information.

Asking to view/obtain a copy of your health records. Having your health records corrected as appropriate. Receiving a notice regarding how your health information is used/shared, and getting a report detailing when/why your health information was used/shared. Deciding if your health information can be shared for other purposes, such as marketing.