How to File a Health and Human Service HIPAA/Privacy or Security Rule Complaint Against the VA or Other Medical Facility

You can file a complaint with the Department of Health and Human Services (HHS) if you feel your HIPAA/Privacy or Security Rule has been violated.

Note: First, try to remedy the situation with your local VA Medical Center (VAMC) or other medical facility privacy officer. The privacy officer will conduct an investigation into your allegation, take appropriate action and notify you. If you are unsatisfied or your complaint goes unanswered, file your complaint with the HHS.

Please visit the Department of Health and Human Services website,, or to file your complaint. It is a simple form and allows you to upload supporting documents. You have several filing method options.

The HHS website has important information regarding your HIPAA/Privacy rights and what is expected of your treatment facilities Security Rule.

Click on Security Rule vs Privacy Rule for an explanation.

NOTE: The Security Rule applies only to EPHI, while the Privacy Rule applies to PHI which may be in electronic, oral, and paper form.

NOTE: OCR within HHS oversees and enforces the Privacy Rule, while CMS oversees and enforces all other Administrative Simplification requirements, including the Security Rule.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s