HHS Issues New Sample HIPAA Privacy Notices
HHS’ Office for Civil Rights (OCR) and Office of the National Coordinator (ONC) for Health Information Technology have collaborated to develop model Notices of Privacy Practices (NPPs) for health care providers and health plans to use to communicate with their patients and plan members.
The HIPAA Privacy Rule gives individuals a fundamental right to be informed of the privacy practices of health plans and health care providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered health care providers are required to develop and distribute a notice that provides a clear, user friendly explanation of these rights and practices.
Many entities have asked for additional guidance on how to create a clear, accessible notice that their patients or plan members can understand. In response, OCR and ONC have provided separate models for health plans and health care providers. These options include:
- Notice in the form of a booklet;
- A layered notice that presents a summary of the information on the first page, followed by the full content on the following pages;
- A notice with the design elements found in the booklet, but formatted for full page presentation.
- A text only version of the notice.
The models reflect the regulatory changes of the Omnibus Rule and can serve as the baseline for covered entities working to come into compliance with the new requirements. In particular, the models highlight the new patient right to access their electronic information held in an electronic health record, if their provider has an EHR in their practice. Covered entities may use these models by entering their specific information into the model and then printing for distribution and posting on their websites.
- Layered Notice
- Full Page
- Text Only
- Questions and Instructions
For more information about the HIPAA Privacy Rule and the Notice requirements, see the HHS’ guidance here.
- A covered entity must make its notice available to any person who asks for it.
- A covered entity must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits.
NPP Employers & Health Plan Sponsors – NPP (“Notice of Privacy Practices”)
- NPP Booklet – Health Plan
- NPP Full Page – Health Plan
- NPP Layered – Health Plan
- NPP Health Plan – Text Version
Providers – NPP (“Notice of Privacy Practices”)