HIPAA Compliance Plan

SUBPART C - Compliance and Enforcement

The CFR sections that pertain to this Subpart are §160.300 through §160.316. There is much here that we will simply ignore in order to focus on the news you can use. In this section we will list each section header and paraphrase it succinctly; hopefully enough is provided for you to understand the essence of compliance and enforcement.

§ 160.304 Principles for achieving compliance

The basic principles are (a) Cooperation and (b) Assistance.

HIPAA Survival Guide Note

HHS will seek your cooperation and may provide some assistance in helping you voluntarily comply. Make of that what you will.

§ 160.306 Complaints to the Secretary

A person (read: patient) has a right to file a complaint with HHS as long as all requirements for filing are met (e.g. it must be in writing).

HIPAA Survival Guide Note

HIPAA does not directly provide an option for a patient to file a civil lawsuit, but many state laws do, and in that sense the state laws are "more stringent" (see also similar items of interest in the HITECH section).

§ 160.308 Compliance reviews

HHS has the right to conduct compliance audits (oh happy day).

§ 160.310 Responsibilities of covered entities

  1. Provide records and compliance reports.
  2. Cooperate with complaint investigations and compliance reviews.
  3. Permit access to information.

HIPAA Survival Guide Note

A core component of "do the right thing" and "implement the necessary safeguards" is to keep compliance records; otherwise you simply have no defense. Furthermore, it is in a provider's best interest to "play nice" if/when the HHS "guys" show up.

§ 160.314 Investigational subpoenas and inquiries

HIPAA Survival Guide Note

HHS has subpoena power, so if they want to get "mean and nasty" they have tools at their disposal.

§ 160.316 Refraining from intimidation or retaliation

This rule speaks for itself.

HIPAA Survival Guide Note

If a patient files a complaint, then let sleeping dogs lie. Do not even come close to any line that could be construed as intimidation or retaliation.
