Filing a Complaint with HHS About a HIPAA Violation: A Warning About “How (Not) To”

By Leslie Francis

I posted in June about the fact that my social security number (and possibly other personal information) had been downloaded to an unknown site in Eastern Europe as part of a large security breach from the Utah state health department.  In connection with that breach, I have filed a complaint with the Office for Civil Rights at HHS (OCR).
I thought readers might like to know, however, that the process of complaining about a HIPAA violation to OCR is cumbersome indeed.  There are forms available online, here.  You can open them, and fill in information, but you can’t save them.  If you close the form, you lose all the data. You also can’t file them online–you have to print them out and fax them off.  (You are helpfully told, however, to “print out a copy for your records.”)  I finally figured out that if you save the form to notepad before you fill it out, you can then email it to HHS–but this required a telephone call to the appropriate regional office of HHS.

When I pointed out to OCR that this process is not exactly user-friendly, they indicated that they are “working on it.” Imagine someone without a home computer, or a home fax machine, or a home printer, using public library computers in the effort to reach OCR about what they regard as a significant problem with their health information. Surely in a world of blue buttons and digital Medicare strategies, see Responsive Design and the New Medicare.gov, the ability to file a complaint about possible violations of health information security or confidentiality should be an easier online process.
