LIVE CME or CE e-Learning Activity: When Sex Gets Complicated: Porn, Affairs, & Cybersex See Details

Multicultural & Diversity Training for Compliance: How to Offer Culturally-Competent Care See Details

HIPAA Violations, Notice of Privacy Practices

How to Think About Your HIPAA Notice of Privacy Practices

MARLENE MAHEU, PhD

December 4, 2019 | Reading Time: 2 Minutes
429

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Behavioral health practices are considered covered entities (CEs) under the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Privacy Rule requires CEs to distribute a Notice of Privacy Practices (NPP) to new patients upon intake. A Notice of Privacy Practices dictates how protected health information (PHI) can be used and disclosed. In addition an NPP describes patients’ rights in regards to their PHI.

What is Included in a Notice of Privacy Practices?

HIPAA requires specific information to be included in a Notice of Privacy Practices. It must be written in a clear manner, that can be easily understood by patients, and must include the following:

  • The statement must begin with: “THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.”
  • How PHI will be used for treatment, payment, and healthcare operations.
  • The circumstances in which patient authorization will be required to use or disclose PHI.
  • The circumstances in which patient authorization will not be required to use or disclose PHI.
  • The contact information of the office or person that patients can contact with questions or further information.
  • The date in which the notice is effective.
  • A statement that notifies the patient that they have the right to revoke authorization.

Patient Rights to their Information

Within the Notice of Privacy Practices, there must be a section that clearly states what rights a patient has in regards to their PHI.

  • The right to request restrictions on certain uses and disclosures of PHI.
  • The right to inspect and copy PHI.
  • The right to amend PHI, as permitted by law.
  • The right to receive an accounting of disclosures of PHI.
  • The right of an individual to obtain a paper copy of the notice, upon request.
  • The right to complain to the covered entity and to the Secretary of Health and Human Services if an individual believes his or her privacy rights have been violated.

Covered Entities Obligations in Regards to PHI

Lastly, the statement must include the covered entity’s responsibilities in regards to maintaining the privacy of PHI.

  • A statement that the covered entity is required by law to maintain the privacy of PHI.
  • A statement that the covered entity must provide individuals with notice of its legal duties and privacy practices with respect to PHI.
  • A statement that the covered entity must notify affected individuals following a breach of unsecured PHI.
  • A statement that the covered entity must abide by the conditions of the notice currently in effect.
Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Read More
HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Read More
Telepractice: Telehealth Law & Ethics Implementation Workshop

Comply with federal, state, national accreditation and association requirements for telehealth documentation.

Read More

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Copy URL
Share On Facebook
Share On X
Share On Whatsapp
Share On Linkedin
Share Via Email
Was this article helpful?
YesNo

Please share your thoughts in the comment box below.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!

REGISTER

Telehealth.org Services


UPCOMING COURSE
When Sex Gets Complicated: Porn, Affairs, & Cybersex
Telehealth Across State Lines & International Borders: Navigating Legal & Ethical Mastery
UPCOMING COURSE
Telehealth Across State Lines & International Borders: Navigating Legal & Ethical Mastery

UPCOMING COURSE
Mastering Telehealth Billing Guidelines 2024: A Blueprint for Success

FEATURED COURSE
Multicultural, Diversity & Equity Training for Legal & Ethical Compliance

FEATURED COURSE
3- Hour Essential Telehealth Law & Ethical Issues

BCTP® CERTIFICATE
Distinguish yourself as a certified telehealth professional with BCTP®-I, II or III.

CONSULTATION
Get pivotal guidance from industry leaders!

Advertisement


Cyber Attack Protection at a Reasonable Cost
No Extensive Application

Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

Aug 20, 2023 | Reading Time: 4 Minutes

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...