The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice–the Notice of Privacy Practices (NPP)–that provides a clear, user-friendly explanation of individuals’ rights with respect to their personal health information and the privacy practices of health plans and health care providers.
What is a Notice of Privacy Practices (NPP)?
A HIPAA-mandated Notice of Privacy Practices (NPP) must inform how the covered entity (or CE) may or may not use protected health information (PHI), and help patients understand their personal rights when they seek services of a healthcare provider.
If a covered entity engages services of a third-party business associate to help carry out its healthcare duties and responsibilities, then the said CE must have a written agreement for the business associate which provides the scope of services that the business associate might carry out. And yes, the business associate also needs to comply with the HIPAA privacy regulations to protect the privacy of protected health information (PHI).
In summary, NPP is required by a covered entity or their business associate to remain in compliance with HIPAA privacy regulations and ensure the confidentiality of patient information.
Many providers seek templates to provide the Notice of Privacy Practices in English and Spanish to improve patient experience and understanding. We are spreading the word about customizable HIPAA notices of privacy practices forms developed by The Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC).
These can be customized by providers who maintain patient data, including:
- Other Health Care Providers
- Download the notices of privacy practices from hhs.gov.
- Review the Questions and Instructions document to properly customize the notices of privacy practices to meet the needs of your healthcare facility.
- Print your customized notices of privacy practices in full page versions or booklet style.
- Once your customized notices of privacy practices have been created, be sure to comply with the foundational requirements for providing the notice.
- A covered entity must make its notice available to any person who asks for it.
- A covered entity must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits.
Stericycle’s popular Steri•Safe HIPAA Compliance Program provides covered entity health care providers with an extensive library of policy templates and documentation resources to meet HIPAA documentation and recordkeeping requirements.