Under HIPAA, a covered entity's Privacy Officer receives a complaint from a patient who believes their PHI was improperly disclosed. What is the FIRST action the Privacy Officer should take?
-
A
File the complaint with OCR on the patient's behalf
-
B
Dismiss the complaint if the patient cannot name the specific workforce member involved
-
C
Acknowledge the complaint and initiate an investigation according to the complaint management process
-
D
Immediately notify the patient's insurer of the potential disclosure