You have privacy and security rights under a federal law that protects your health information. These rights are important for you to know. You can exercise these rights, ask questions about them, and file a complaint if you think your rights are being denied or your health information isn't being protected. You have privacy rights under a federal law that protects your health information. Additionally, you have the right to be notified of any breach that compromises the security or privacy of personal health information.
If you believe that a person, agency or organization covered under the HIPAA Privacy Rule ("a covered entity" or a “business associate”) violated your (or someone else's ) health information privacy rights or committed another violation of the Privacy Rule, you may file a complaint either with the federal Office for Civil Rights (OCR), or the Connecticut Office of the Attorney General. The Office of the Attorney General has authority to enforce HIPAA protections for Connecticut state residents. OCR and the Office of the Attorney General have authority to receive and investigate complaints against covered entities and business associates related to the HIPAA Privacy Rule, Security Standards, and the newly established Breach Notification Rule. The recent changes to HIPAA also permit OCR or the Office of Attorney General to bring a lawsuit in federal court to enforce HIPAA protections. A covered entity is a health plan, health care clearinghouse, and any health care provider who conducts certain health care transactions electronically. A business associate is an entity that performs or assists in the execution of an activity involving protected health information or provides services for a covered entity.
To file a complaint with the Office of the Attorney General, please fill out the form and send to Office of the Attorney General, 165 Capitol Avenue, Hartford, CT 06106.