Main Menu
HIPAA Expansion: Time to Update Notice of Privacy Practices

On Jan. 25, the Office for Civil Rights of the Department of Health and Human Services issued the final rule amending the Health Insurance Portability and Accountability Act (HIPAA) privacy, security, enforcement and breach notification requirements, signaling the most expansive change to HIPAA in more than a decade. Compliance with these requirements, including updated Notice of Privacy Practices (NPP), should be in place by September 2013.

Several of the changes under the final rule require that health care providers, health plans, and others meeting the definition of “covered entity” under the HIPAA regulations review, revise, and redistribute their NPPs. The NPP must reflect certain situations where authorizations to use or disclose personal health information are needed, particularly in the case of psychotherapy notes, marketing and sales of personal health information.

The NPP must also include a notice regarding a patient’s right to opt-out of certain fundraising and a right to prevent certain information from being shared with the patient’s health plan when the patient pays out of pocket. Finally, the NPP must inform patients of the covered entity’s breach notification requirements. Once the NPP has been updated to include this information, a covered entity must then redistribute its NPP and post the revised NPP on its website. 

If you have questions about how these or other expanded HIPAA regulations may affect you or your business, please contact Bingham Greenebaum Doll LLP attorneys Alan J. Dansker or Daniel E. Fisher.



Recent Posts




Back to Page