Health Insurance Portability and Accountability Act (HIPPA) Practice Exam

If someone believes a DoD covered entity is not following HIPAA, where can they file a complaint?

• A. The local police department
• B. The DHA Privacy Office
• C. The Department of Justice
• D. The designated physician at the MTF

The correct answer is: The DHA Privacy Office

Filing a complaint regarding a violation of HIPAA by a Department of Defense (DoD) covered entity should be directed to the DHA (Defense Health Agency) Privacy Office. This office is specifically set up to handle privacy issues related to healthcare information within the DoD framework and is equipped to investigate claims of non-compliance with HIPAA regulations. The DHA Privacy Office serves as the appropriate authority for individuals who wish to report perceived violations, as it ensures that the complaint is addressed within the correct jurisdiction and in accordance with established protocols. They can respond effectively to complaints involving health information privacy and security, making them the correct venue for this type of issue. Other options, such as the local police department, the Department of Justice, and the designated physician at the Military Treatment Facility (MTF), do not have the specific mandate or expertise to address HIPAA-related complaints in the same manner as the DHA Privacy Office. The police may handle criminal matters but would not have jurisdiction over HIPAA violations, while the Department of Justice takes on broader legal enforcement roles, not managing individual complaints. Similarly, a designated physician might not have the authority or resources to address compliance issues and privacy concerns effectively.