HIPAA Anti-Retaliation Policy

Library Board approved November 18, 2003.  Effective November 18, 2003.

Title II of the Federal Health Insurance Portability and Accountability Act (42 USC 1320d to 1329d-8, and Section 264 of Public Law 104191), and its accompanying Privacy Regulations, 45 CFR Parts 160 and 164, require that “covered entities,” as defined by the HIPAA Privacy Regulations, refrain from any retaliatory acts targeted toward those who file complaints or otherwise report HIPAA violations or infractions.  The purpose of this policy is to clearly state the position of the Oak Park Public Library (the “Library”) on intimidation and retaliation.  This policy applies to all workforce, volunteers, and management of the Library.

  1. Under no circumstances shall the Library intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for:
  1. The exercise of rights guaranteed under HIPAA, including the filing of a HIPAA complaint against the Library;

  1. The filing of a HIPAA complaint with the Secretary of HHS;

  1. Testifying, assisting, or participating in a HIPAA investigation, compliance, review, proceeding, or hearing; or

  1. Opposing any act or practice that is counter to the HIPAA regulations, provided the individual or person has a good faith belief that the practice opposed is unlawful, and the manner of the opposition is reasonable and does not involve a disclosure of PHI in violation of HIPAA.

No retaliatory action against an individual or group involved in filing HIPAA complaints or otherwise reporting infractions will be tolerated.

Under no circumstances shall the Library require any member(s) of its work force, volunteers, or management to waive their rights under HIPAA.

All allegations of HIPAA retaliation against individuals will be reviewed and investigated by the Library in a timely manner.

« Back to Policies