A notice of privacy practices is exactly what it sounds like: a document or set of documents that provides a clear explanation of the covered entity's privacy policies and privacy practices with regard to Protected Health Information (PHI). Under the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996, all covered entities must have a notice of privacy policies in place; otherwise, they are in violation of the HIPAA Privacy Rule and could be subject to fines or other penalties.

So, what's the purpose of a notice of privacy practices? Aside from remaining compliant with federal laws, it's intended to provide healthcare patients and customers with essential rights regarding their privacy. All health insurance providers, healthcare facilities and covered entities must create a notice of privacy policies to inform their patients and customers about their privacy rights. This notice focuses on the individual rights of patients and customers with regard to their privacy. Without such a notice, many people wouldn't know how their personally identifiable information is being used.

A typical notice of privacy practices must contain the following information:

  • The way in which the covered entity may use and disclose the Protected Health Information (PHI) of patients.
  • The patient's rights in regards to the PHI and how the patient may exercise these rights. This includes but is not limited to how the patient may issue a formal complaint about the covered entity.
  • The covered entity's local responsibilities in regards to PHI, including a statement to maintain the privacy of PHI as mandated by HIPAA.
  • The contact information for a person or persons whom patients can contact for more information about the covered entity's privacy policies.
  • A specified date on which the privacy policy takes effect.

There are several different formats available for creating a notice of privacy policies, one of which involves traditional paper-based models. This is often done using either a booklet, a layered notice with a summary of the covered entity’s privacy policies, or a full-page presentation. A second option, however, involves the use of digital notices. There are dozens of tools and software available to create such notices.

Also, notices of privacy practices and policies must be updated on a regular basis to ensure compliance with all existing and new HIPAA laws.
