The Medical Records Supervisor/Privacy Officer or appointed designee takes all complaints and/or allegations of non-compliance seriously and fully investigates the allegations to determine the course of corrective action.
1. The Medical Records Supervisor/Privacy Officer or appointed designee keeps a log of all complaints and/or allegations of non-compliance and the outcome of the internal investigation of the allegations.
2. Cardiology Medical Group informs our patients of their rights under HIPAA’s Privacy Rule to file a complaint with our Medical Records Supervisor/Privacy Officer and the Office of Civil Rights (OCR) when they have reason to believe we have violated their privacy rights.
3. The patient completes the Privacy Complaint Form detailing the specific possible violation of health information occurrences and dates. This form is reviewed by the Medical Records Supervisor/Privacy Officer or appointed designee to assist the patient to make sure that the most complete information is provided on the violation form.
4. The Medical Records Supervisor/Privacy Officer or appointed designee takes all complaints and/or allegations of non-compliance seriously and fully investigates the allegations to determine what course of corrective action, if any, needs to be taken.
5. The Medical Records Supervisor/Privacy Officer or appointed designee notifies the patient in writing of the outcome of the investigation and what corrective action, if any, was taken.
6. The OCR may also conduct compliance reviews to determine whether Cardiology Medical Group is complying with the applicable requirements of this rule.
•If the OCR initiates a compliance review of our practice, Cardiology Medical Group complies with all requests for information and produces records and compliance reports to the OCR in a timely manner in order for the OCR to determine whether or not Cardiology Medical Group is in compliance with the Privacy Rule.
•Cardiology Medical Group provides the OCR access during normal business hours to our facility, books, records, accounts, and other sources of information, including Protected Health Information, that is pertinent to ascertaining compliance with the applicable standards.
•If the OCR determines that exigent circumstances may exist at the health center, such as when documents or patient’s protected health information may be hidden or destroyed, Cardiology Medical Group permits immediate access to the OCR at any time and without notice.
•If protected health information is required for the investigation and the information is the exclusive possession of any other agency, institution, or person and the other agency, institution, or person fails or refuses to furnish the information, Cardiology Medical Group certifies what efforts were made to obtain the information.
•The OCR sends a written copy of the outcome of the review to the complainant and Cardiology Medical Group.
•If Cardiology Medical Group is found to be non-compliant, office attempts to quickly resolve the matter by informal means.