Skip to Content

HIPAA Privacy - Refraining from Retaliatory Acts 164.530(g)

602  Matthew Burdick September 29, 2022  Administrative Requirements (Breach)

Overview:
164.530(g)
Refraining from Retaliatory Acts.
All covered entities must have policies and procedures in place to prohibit retaliatory acts.


Action Items:
1) Does the covered entity have appropriate policies and procedures in place to prohibit retaliation against any individual for exercising a right or participating in a process (e.g., assisting in an investigation by HHS or other appropriate authority or for filing a complaint) or for opposing an act or practice that the person believes in good faith violates the Breach Notification Rule? Obtain and review such policies and procedures.


Related Documents:
1) Policies and procedures in place to prohibit retaliation against any individual for exercising a right or participating in a process (e.g., assisting in an investigation by HHS or other appropriate authority or for filing a complaint) or for opposing an act or practice that the person believes in good faith violates the Breach Notification Rule


Additional Guidance:
A covered entity:
(1) May not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for the exercise by the individual of any right established, or for participation in any process provided for, by this subpart or subpart D of this part, including the filing of a complaint under this section; and
(2) Must refrain from intimidation and retaliation as provided in § 160.316 of this subchapter.

 
Not Rated
Secure Code