Printer Friendly, PDF & Email

Noticed your Notice of Privacy Practices lately?

Frank Ruelas ( is Facility Compliance Professional at St. Joseph’s Hospital and Medical Center/Dignity Health in Phoenix, and Tina Daha ( is an ethics and compliance professional in Scottsdale, AZ.

Some clinics and offices seem to be backsliding in regard to compliance with the Health Insurance Portability and Accountability Act (HIPAA) requirement of providing either an electronic copy or a hard copy of an important document called the Notice of Privacy Practices (NPP). Individuals who come to covered-entity locations are often asked to sign an acknowledgement that they received a copy of the NPP, but they are never actually provided a copy of it. This happens all too frequently, and if so, a covered entity’s efforts are inadequate to promote its compliance with the provision of the NPP to individuals, as described in the HIPAA regulations.

Individuals have rights in terms of the privacy and security of their medical information that a covered entity, such as a physician’s office or a hospital, may create, maintain, receive, or store. HIPAA is the federal law that identifies the requirements that covered entities must follow to protect an individual’s protected health information (PHI). One of these requirements is that a covered entity is required to provide a copy of its NPP to individuals. The NPP explains the manner in which the covered entity is permitted to use or disclose an individual’s PHI. The NPP also describes the individual’s rights under HIPAA.

This document is only available to members. Please log in or become a member.