Title II of the Federal Health Insurance Portability and Accountability Act (42 USC 1320d to 1329d-8, and Section 264 of Public Law 104191), and its accompanying Privacy Regulations, 45 CFR Parts 160 and 164, require that “covered entities,” as defined by the HIPAA Privacy Regulations, refrain from any retaliatory acts targeted toward those who file complaints or otherwise report HIPAA violations or infractions. The purpose of this policy is to clearly state the position of PayZen on intimidation and retaliation. This policy applies to all workforce, volunteers, and management of PayZen.Under no circumstances shall PayZen intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for:
- The exercise of rights guaranteed under HIPAA, including the filing of a HIPAA complaint against PayZen;
- The filing of a HIPAA complaint with the Secretary of HHS;
- Testifying, assisting, or participating in a HIPAA investigation, compliance, review, proceeding, or hearing; or
- Opposing any act or practice that is counter to the HIPAA regulations, provided the individual or person has a good faith belief that the practice opposed is unlawful, and the manner of the opposition is reasonable and does not involve a disclosure of PHI in violation of HIPAA.
No retaliatory action against an individual or group involved in filing HIPAA complaints or otherwise reporting infractions will be tolerated.
Under no circumstances shall PayZen require any member(s) of its workforce, volunteers, or management to waive their rights under HIPAA.
All allegations of HIPAA retaliation against individuals will be reviewed and investigated by PayZen in a timely manner.