What to Do If You’re the Victim of a HIPAA Violation

Discovering that your private medical information has been exposed can feel overwhelming and invasive. Whether your health records were shared without permission, accessed improperly, or exposed in a data breach, you have rights under the Health Insurance Portability and Accountability Act (HIPAA).
Confirm What Happened
Start by establishing the facts of what actually happened. Often you will receive a letter in the mail notifying you of a HIPAA violation or a data breach. The letter should explain exactly what happened: what information was disclosed, who disclosed it, and when the violation occurred.
Under HIPAA, covered entities must notify you of certain breaches of unsecured protected health information (PHI).
Keep copies of all communications.
If enforcement action or litigation becomes necessary, documentation will strengthen your case.
File a Complaint with the Provider
Before escalating the issue, you may file a formal complaint with the organization’s Privacy Officer or Compliance Department. Every covered entity under HIPAA is required to have a privacy officer and a complaint process, and must provide you with a notice of privacy practices.
Write a letter to the compliance officer notifying them of the violation.
Ask for a written response and retain documentation.
File a Complaint with the U.S. Department of Health & Human Services (HHS)
If the issue is not resolved, you can file a complaint with the U.S. Department of Health & Human Services, specifically through its Office for Civil Rights (OCR).
Complaints must generally be filed within 180 days of when you knew (or should have known) about the violation.
You can file online through the Office for Civil Rights here: HHS Civil Rights Complaint Portal
The OCR investigates HIPAA violations and has authority to impose fines and corrective action plans.
Monitor for Identity Theft or Fraud
If your Social Security number, insurance ID, or financial information was exposed, you should immediately:
- Monitor your credit reports
- Place a fraud alert or credit freeze
- Carefully review all medical records
- Report suspicious activity to your insurer
Early detection is critical.
Keep all documents
It is important that you keep and save any and all documents associated with the disclosure. Even if you think a certain document, email, or other correspondence is not important, keep it anyway. It is better to have too much than too little. Keep a file that includes:
- Dates of discovery
- Names of individuals involved
- Copies of emails and letters
- Credit monitoring reports
- Medical billing discrepancies
- Out-of-pocket expenses
Speak with McShane & Brady
While HIPAA itself does not allow individuals to directly sue for a HIPAA violation, you may still have legal options.
Let our experienced HIPAA attorneys at McShane & Brady help you pursue the compensation you deserve for the damages caused by a HIPAA violation, such as financial harm, identity theft, emotional distress, or physical injury.
In some cases, HIPAA violations overlap with broader data breaches, which may support additional claims.
A HIPAA violation is more than a technical compliance issue — it’s a breach of trust. Your medical information is deeply personal, and you deserve accountability when it is mishandled.
If you believe your protected health information