Health Information Privacy and Security Complaint Process
The Health Insurance Portability and Accountability Act (HIPAA) allows individuals to file complaints regarding their health information privacy rights.
The Fairfax County HIPAA Compliance Program investigates and responds to complaints from, or on behalf of, residents who have received any health care services from Fairfax County government agencies, Fairfax County government employees, and retirees participating in the Health Plan administered by the County’s Department of Human Resources' Benefits Division.
Complaints must be submitted within 180 days from the date of the alleged infraction. Complaints are accepted for violations related to the privacy and security of individual’s protected health information (PHI). PHI is individually identifiable health information in any form or media, whether electronic, paper, or oral.
An investigation will be conducted once the complaint is received to determine if an alleged action or violation fails to comply with the HIPAA Privacy or Security Rules.
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights; 1-800-537-7697; ocrmail@hhs.gov.
Fairfax County HIPAA Officers
HIPAA Compliance Officer
The HIPAA Compliance Officer (HCO) ensures the county's compliance with the federal Health Insurance Portability and Accountability Act (HIPAA) as well as other state and federal health data protections and information privacy regulations and laws by overseeing the county-wide HIPAA security and privacy programs.
The HCO’s responsibilities include, but are not limited to:
- Working with the HIPAA Privacy and Security Officers within county agencies to standardize the implementation of HIPAA regulations.
- Conducting HIPAA compliance evaluations and Security Risk Assessments of county agencies with covered functions.
- Reviewing, revising, and establishing, as necessary, county-wide HIPAA policies, procedures and guidelines.
- Developing, implementing and documenting HIPAA Security Awareness and Privacy training for all affected county employees.
- Working with the County Attorney and Department of Information Technology (DIT) Information Security Office (ISO) to ensure that the county's policies/procedures and information system security conform with HIPAA, the Health Information Technology for Economic and Clinical Health Act (HITECH) and other privacy regulations for best practices, procedures and technical implications.
- Receiving complaints into violations of HIPAA policy and conducting required follow up/investigations.
HIPAA Privacy Officers
Covered entities must also designate a "contact person or office" to be responsible for providing information, receiving complaints and handling the administration of requests for records access, amendments, disclosure accountings, supplemental protections, confidential communications, etc.
Fairfax County's Health Plan and covered agencies have designated HIPAA contacts for the handling of administrative requests for information:
Community Services Board Privacy Officer: 703-324-4426, TTY 711
Fire and Rescue Department Privacy Officer: 703-246-3558, TTY 711
Health Department Privacy Officer: 703-246-8634, TTY 711
Health Plan Privacy Officer: 703-324-4172, TTY 711
Neighborhood and Community Services, Adult Day Health Care Privacy Officer: 703-704-6050, TTY 711
Sheriff’s Office, Medical Branch Privacy Officer: 703-246-4459, TTY 711