HIPAA FAQs - Privacy Notice

    


 
What is a Privacy Notice?
It is really called the Notice of Privacy Practices (NPP). It is a formal document that explains - in simple terms - how, when, and why a patient’s medical information may be disclosed. This document is quite comprehensive and all medical office personnel, including physicians, should read this Notice. It answers many questions regarding protected health information (PHI) and is your practice’s guide to handling your patients’ PHI. 

What has to be in a Notice of Privacy Practices (NPP)?
It must contain specific language as proscribed by the U.S. Department of Health and Human Services (HHS), prominently displayed in the beginning of the notice. 

“THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU (AS A PATIENT OF THIS PRACTICE) MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO YOUR INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.”

  • It should have a statement that your office is committed to health information privacy. 
  • You should state that you have the right to amend or revise this notice if your privacy practices change. 
  • You must give detailed accounting with examples of how protected health information (PHI) may be used by your practice. 
  • You must inform the patient of his/her right to: 
    • Receive a copy of your Notice. 
    • Authorize disclosure of health information. 
    • Restrict certain uses and disclosures of PHI. 
    • Receive confidential communications. 
    • Inspect and copy his/her PHI. 
    • Amend his/her PHI. 
    • An accounting of PHI disclosures for other than treatment, payment, and health care operations (TPO). 
    • Complain about alleged privacy violations by your practice to the HHS.

You must inform the patient of your practice’s obligations concerning the use and disclosure of his PHI.

Once I get this Privacy Notice written, what do I do with it?

  • You MUST distribute it to your patient at the first office visit after 4/14/03 and you must make best effort to obtain written documentation (a signed consent form) from the patient that he/she received this notice. 
  • You must post an abbreviated notice prominently in the office. 
  • You may distribute it via e-mail with a return receipt. 
  • If you have a Web site, it must be on the Web site. 

You must make a reasonable effort to assure that each patient gets a Notice of Privacy Practice (NPP) on his or her first date of service after 4/14/03 and document this effort. 

What if I forget to give the Privacy Notice to a patient when he/she comes in?
You should mail the notice to the patient ON THE SAME DAY and document why it was not given to the patient at the time of service and that the notice was mailed. 

Back to Top