Explosive growth in digital health over the last few years means there are many developers and managers who haven’t worked under HIPAA before. This guide is written for startups (and small businesses operating online) who could use some help with the basics of HIPAA compliance.
A covered entity or business associate may not threaten, intimidate, coerce, harass, discriminate against, or take any other retaliatory action against any individual or other person for
(a) Filing of a complaint under § 160.306;
(b) Testifying, assisting, or participating in an investigation, compliance review, proceeding, or hearing under this part; or
(c) Opposing any act or practice made unlawful by this subchapter, provided the individual or person has a good faith belief that the practice opposed is unlawful, and the manner of opposition is reasonable and does not involve a disclosure of protected health information in violation of subpart E of part 164 of this subchapter.
[71 FR 8426, Feb. 16, 2006, as amended at 78 FR 5691, Jan. 25, 2013]