HIPAA: Filing a Complaint

HIPAA Complaint Process

Health Information Privacy and Security Complaint Process

The Health Insurance Portability and Accountability Act (HIPAA) allows individuals to file complaints regarding their health information privacy rights.

The Fairfax County HIPAA Compliance Program investigates and responds to complaints from, or on behalf of, residents who have received any health care services from Fairfax County government agencies, Fairfax County government employees, and retirees participating in the Health Plan administered by the County’s Department of Human Resources' Benefits Division.

Complaints must be submitted within 180 days from the date of the alleged infraction. Complaints are accepted for violations related to the privacy and security of individual’s protected health information (PHI).  PHI is individually identifiable health information in any form or media, whether electronic, paper, or oral.

An investigation will be conducted once the complaint is received to determine if an alleged action or violation fails to comply with the HIPAA Privacy or Security Rules.

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights; 1-800-537-7697; ocrmail@hhs.gov.

If your complaint is related to health insurance premiums, health-care provider service charges, quality of care issues, or privacy or security concerns not associated with Fairfax County services, please contact the respective organization directly.
HIPAA Compliance Officer

Fairfax County HIPAA Officers

HIPAA Compliance Officer

The HIPAA Compliance Officer (HCO) ensures the county's compliance with the federal Health Insurance Portability and Accountability Act (HIPAA) as well as other state and federal health data protections and information privacy regulations and laws by overseeing the county-wide HIPAA security and privacy programs. 

The HCO’s responsibilities include:

  • Working with the HIPAA Privacy Officers within county agencies to standardize the implementation of HIPAA regulations.
  • Conducting HIPAA compliance evaluations and Security Risk Assessments of county agencies with covered functions.
  • Reviewing, revising, and establishing, as necessary, county-wide HIPAA policies, procedures and guidelines.
  • Developing, implementing and documenting HIPAA Security Awareness and Privacy training for all affected county employees.
  • Working with the County Attorney and Department of Information Technology (DIT) Information Security Office (ISO) to ensure that the county's policies/procedures and information system security conform with HIPAA, the Health Information Technology for Economic and Clinical Health Act (HITECH) and other privacy regulations for best practices, procedures and technical implications.
  • Receiving complaints into violations of HIPAA policy and conducting required follow up/investigations.
Contact the HIPAA Compliance Officer at HIPAAComplianceOfficer@fairfaxcounty.gov or by phone at 703-324-2164, TTY 711.
HIPAA Privacy Officers

HIPAA Privacy Officers

Covered entities must also designate a "contact person or office" to be responsible for providing information, receiving complaints and handling the administration of requests for records access, amendment, disclosure accountings, supplemental protections, confidential communications, etc.

Fairfax County's Health Plan and covered agencies have designated HIPAA contacts for the handling of administrative requests for information:

Community Services Board Privacy Officer: 703-324-4426, TTY 711

Fire and Rescue Department Privacy Officer: 703-246-3558, TTY 711

Health Department Privacy Officer: 703-246-8634, TTY 711

Health Plan Privacy Officer: 703-324-4172, TTY 711

Fairfax Virtual Assistant