Tracking of HIPAA complaints filed

A reader e-mailed a question this morning:

Do you know where I can find up-to-date data on HIPAA complaints filed? I’m trying to research current Privacy complaints submitted by category and resolution.

I spoke with my friend Bob Burns, who’s about as knowledgable a health IT expert there is, and he said that the original HIPAA law did not mandate any enforcement (although it did specifiy penalties) so there is no real HIPAA enforcement bureau yet. He did suggest that you can check with JCAHO, which does track HIPAA complaints for healthcare organizations.

The Centers for Medicare & Medicaid Services published in the March 25 Federal Register its procedures for filing non-privacy related HIPAA complaints. Effective April 25, persons who believe that a covered entity has violated any administrative simplification provision (including security and identifiers) may file a written complaint with CMS. Following receipt of a complaint, CMS will work with the covered entity to ensure compliance.

A new database to track HIPAA related complaints has been created but I haven’t seen it go live yet. Does anyone know any more about the HIPAA Information Tracking System (HITS)? Please leave a comment here or email me and I’ll send it to the reader.

Newsletter Sign Up

2 thoughts on “Tracking of HIPAA complaints filed

  1. Tell the reader good luck finding up-to-date info on HIPAA complaints! Do they realize how many complaints are filed??? It’s insane! But the HHS Office of Civil Rights (OCR) would be where the reader would want to look. They deal specifically with the privacy aspect of HIPAA. In a news article in November, it stated that as of 10/31/05 OCR has recieved and initiated reviews of over 16,000 HIPAA complaints. About 250 of those have been referred to the Department of Justice for criminal prosecution.

    CMS HIPAA website –

    Office of Civil Rights HIPAA website –

  2. Pingback: The Healthcare IT Guy » Tracking HIPAA complaints continued

Add Comment