New York CommunitiesFeaturesToolsPhysician DirectoryWeb Design

SITE FEATURES

News Desk

Practis Forms

HIPAA Center

Compliance Center

Medical Informatics

Supply Cabinet

Spotlight

 
 

Privacy Notice 

Notice of Privacy Practices, or NPP, is a formal document that explains how, when, and why a patient’s health information may be disclosed. It answers questions regarding protected health information, or PHI, and acts as your practice’s guide to handling PHI.

Privacy Notice Elements

Prepare a standing written privacy notice that is tailored to your practice and on your practice stationery. Have all your patients, both new and existing, review and sign. The Notice should be:

  • In plain language

  • Provided in patient's own native language (ie., Spanish, Chinese)

  • Educate patients on their rights as patients

  • Specify who in the practice is the privacy contact

  • On practice or facility stationery

  • Distributed to and acknowledged by both new and existing patients

  • Should state that you have the right to amend or revise the policy  
  • You must inform the patient of right to:

    Receive a copy of notice.

    Authorize disclosure of health   information.

    Restrict certain uses and disclosures of PHI.

    Receive confidential communications.

    Inspect, copy and amend PHI.

    What the accounting procedure is for PHI disclosures (for other than treatment, payment, and health care operations.)

    How to complain about alleged privacy violations by your practice.

It is not required that each patient have a hard copy of the privacy notice itself, only that you have documented that they have reviewed the notice. Documentation can either be a log, where patients would sign that they have reviewed the policy, or a simple form that they can sign and you can retain in their chart. 

Web Link: Plain Language Principles and Thesaurus for Making HIPAA Privacy Notices More Readable, DHHS

Tip: Checking for documentation of review should become part of your daily chart review or new patient registration materials. For all initial encounters your front office staff can hand the patient a privacy notice when they arrive. For existing patients, staff can hand them the notice on their next visit to the office.

Tip:  In order to avert misunderstanding and complaint lodging, avoid the use of the word correction in your Notice of Privacy Practices. Also, when the original record is used or disclosed, the new amended statement will accompany any released copies. Source AHIMA

Other things to consider:

You must prominently post your privacy policy in your office. An abbreviated version of policy is fine.

If you have a web site, it must be on your web site.

You may distribute it via e-mail with a return receipt. 

If you forget to distribute the notice to patients, you should mail one to the patient the same day and document why it was not distributed at the time of service and that the notice was mailed.

Web Links 

Sample Privacy Policy (Source: OHIC)
HIPAA Notice of Privacy Practices (Source: AMA)

 

PLEASE NOTE: Information is provided as a service to our visitors. Practis takes no responsibility for it's content.  It is provided with the understanding that Practis is not engaged in rendering legal, accounting, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. Links and information are provided as a service to our visitors. Practis takes no responsibility for their content nor connectivity.
 
Authorization

What is Authorization? 

A written permission signed by the patient authorizing the covered entity permission to release PHI to third parties for a specific reason/condition and or treatment period. 

Specifically:

Is obtained each and every time there is a release of PHI to third parties.

Release only what is minimally necessary as defined by the authorization itself.

Examples

  • chart audit by health plan
  • referral to other physician 
  • disability forms
  • school forms
  • attorney requests
  • research

Disclosure Log

The covered entity should maintain a log of all PHI disclosures.

For more information on consent and disclosure > from the AHIMA

Also check the OHIC

Click for a disclosure log template form

Implementing Minimal Necessary Standards - what is "reasonably necessary" , determining and managing minimum necessary uses, disclosures, and requests in non-automated and automated environments. AHIMA

Restriction Requests - AHIMA

Under HIPAA, patients have the right to ask for restrictions on the disclosure of their protected health information.

Learn how:

  • you can develop an appropriate restriction request policy
  • you can respond to such requests
  • to define what the exceptions to the rule are
  • to develop an implementation plan 
  • to terminate such an agreement
 
About Practis | Our Services | Contact Us | Employment | Privacy Policy

© Copyright 1998-2006 Practis, Inc. All rights reserved.
1851 Stone Rd, Suite 101 - Rochester, NY 14615 - (585) 225-3340