HIPAA Privacy Statements: Are You Compliant?

by Donna Koger, 6.13.16

Most of you are probably aware that HIPAA requires your health organization provide a Privacy Statement or Notice of Privacy Practices (NPP) to all your patients. However, many of you are probably using an outdated version of this document that doesn’t measure up to the most recent HIPAA requirements.

Comprehensive Templates

Fortunately, the government (HHS.com) provides comprehensive templates for you to use that include all up-to-date required information. These templates are available in sample PDF formats, such as booklet (preferred by consumers in focus testing), layered and full page, as well as a text (MS Word) version. The text version specifically allows you to customize the document to fit your organization by adding name, address, phone, etc.

One requirement you may not be including in your Privacy Statement is contact information for a HIPAA Compliance Officer or other company representative that specifically addresses the privacy concerns of patients. In one section the form states . . .

“Insert name or title of the privacy official (or other privacy contact) and his/her email address and phone number.”

For more information or to download the templates, go to http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/model-notices-privacy-practices/index.html.

Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.