Section 23: Complaint Process

Section 23: Complaint Process

The Callier Center is required to have a process by which an individual can make a complaint to the Privacy Officer regarding its compliance with the HIPAA Privacy Standards or any of the policies and procedures compiled in this Manual.

Responsibility for Receiving a Complaint

An individual shall have the right to submit a complaint to the Callier Center relating to its compliance with any of the policies and procedures compiled in this Manual and System’s compliance with the HIPAA Privacy Standards. The Privacy Officer or his/her designee shall be responsible for receiving and keeping a log of such complaints.

Filing a Complaint

a. If an individual, including a Personal Representative acting for a Patient, indicates the desire to make a complaint, the Privacy Officer shall ask the individual to submit a written complaint. Complaint Form

b. If the Individual agrees to submit a written complaint, the Individual shall complete the Callier Center promulgated form. The Privacy Officer shall ensure that the complaint form completely states in clear terms the nature of the complaint and providing sufficient information to enable the Center to investigate, review, and resolve the complaint.

c. If the Individual declines to provide a written complaint, the Privacy Officer or his/her designee shall: (i) ask the Individual to explain the complaint in sufficient terms to enable the investigation, (ii) review the information provided, and resolution of the complaint, (iii) produce the individual’s complaint in writing, and (iv) require the Individual to confirm the accuracy of the information that has been produced in writing by the Privacy Officer by signing or verifying in the presence of a witness that the Individual agrees with the contents of the information.

Investigation of Privacy Complaints

a. The Privacy Officer shall address and resolve all complaints, unless the complaint alleges a violation has been committed by the Privacy Officer, in which case the Provost shall designate another qualified individual to conduct the investigation. All such matters shall be privileged and confidential to the extent permitted by law. The Privacy Officer shall investigate and handle as a quality review matter all complaints including, as appropriate, interviewing or otherwise contacting other persons involved in the circumstances upon which the complaint is based, and shall take all other steps necessary to review and investigate the complaint.

b. Following completion of the investigation, the Privacy Officer shall make a determination regarding whether a violation has occurred and if so whether (i) this Manual fails to comply with the HIPAA Privacy Standards; (ii) the Center has failed to comply with the policies and procedures compiled in this Manual; and/or (iii) the Center has failed to comply with the HIPAA Privacy Standards.

Correction of Discovered Privacy Violation

If it is determined that any provision of the policies and procedures compiled in this Manual violates the law or otherwise needs modification, this Manual shall be revised. If it is determined that the Center has violated either this Manual or the HIPAA Privacy Standards, such violation shall be corrected, and if the violation is continuing, it shall be stopped. If the Privacy Officer determines that Workforce Members or other employees have violated the Manual or other UT Dallas policies, the Privacy Officer shall refer the matter for Sanctions in compliance with Section 31 of this Manual and/or disciplinary action in accordance with UT System policy, as applicable.

Notice of Resolution of Privacy Complaints

The Privacy Officer may provide the complaining person with written notice of the decision regarding the complaint that includes (i) the name of the person handling the complaint; (ii) the fact that an investigation has taken place or will take place; (iii) the date of completion or expected completion; and (iv) either the result of the investigation or notification that due to the confidential and privileged nature of the peer review/quality review process.  The results of such proceedings may not be communicated to the person. A copy of any such notice shall be retained in accordance with this Manual.

Document Retention

The Privacy Officer shall retain documentation of any complaint, including misdirected complaints, received, and its disposition. Such documentation shall be retained in accordance with Manual.

Misdirected Complaints

Upon receipt of any complaint received by the Privacy Officer that alleges a violation by an entity other than UT Dallas Callier Center, the complaint shall be returned to the individual filing the complaint advising them that the complaint cannot be considered by UT Dallas Callier Center as it does not involve action by or on behalf of the University as a Hybrid Entity.

HIPAA Regulatory Citation:  45 CFR § 164.530(d), § 164.520(b)(1)(vi) Effective:  04/14/2003
Revised:  04/13/2013
Reviewed: 03/26/2021, 12/08/2015

Donise W. Pearson, HIPAA Privacy Officer
UT Dallas Callier Center