December 08, 2014

How to Comply with HIPAA Privacy Regulations

What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice–the Notice of Privacy Practices (NPP)–that provides a clear, user-friendly explanation of individuals’ rights with respect to their personal health information and the privacy practices of health plans and health care providers. 

What is a Notice of Privacy Practices (NPP)?

A HIPAA-mandated Notice of Privacy Practices (NPP) must explain how the covered entity (CE) may and may not use protected health information (PHI), and help patients understand their personal rights when they seek the services of a healthcare provider.

If a covered entity engages the services of a third-party business associate to help carry out its healthcare duties and responsibilities, the CE must have a written agreement with the business associate that sets out the scope of services the business associate might carry out. And yes, the business associate also needs to comply with the HIPAA privacy regulations to protect the privacy of protected health information (PHI).

In summary, a covered entity or its business associate needs the NPP to remain in compliance with HIPAA privacy regulations and ensure the confidentiality of patient information.

Create Customizable Notice of Privacy Practices (NPP) to Comply with HIPAA

Many providers seek templates to provide the Notice of Privacy Practices in English and Spanish to improve patient experience and understanding. We are spreading the word about customizable HIPAA Notice of Privacy Practices forms developed by the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC).
These can be customized by providers who maintain patient data, including:

  • Doctors
  • Dentists
  • Hospitals
  • Other Health Care Providers

How to Develop HIPAA Regulations Compliant Notices of Privacy Practices

  1. Download the notices of privacy practices from
  2. Review the Questions and Instructions document to properly customize the notices of privacy practices to meet the needs of your healthcare facility.
  3. Print your customized notices of privacy practices in full-page versions or booklet style.
  4. Once your customized notices of privacy practices have been created, be sure to comply with the foundational requirements for providing the notice.

When Must the Healthcare Provider Distribute HIPAA NPP?

  • A covered entity must make its notice available to any person who asks for it.
  • A covered entity must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits.

Protect Your Organization with Our HIPAA Compliance Program

Stericycle’s popular Steri•Safe HIPAA Compliance Program provides covered entity health care providers with an extensive library of policy templates and documentation resources to meet HIPAA documentation and recordkeeping requirements. 
