YouTube embedded video: HHS OCR - Explaining the Notice of Privacy
Practices
Your health care provider and health plan must give you a notice that tells you how they may use and share your health information. It must also include your health privacy rights. In most cases, you should receive the notice on your first visit to a provider or in the mail from your health plan. You can also ask for a copy at any time. The law requires your doctor,
hospital, or other health care provider to ask you to state in writing that you received the notice.What is the HIPAA notice I receive from my doctor and health plan?
Why do I have to sign a form?
What is in the Notice?
- How the Privacy Rule allows provider to use and disclose protected health information. It must also explain that your permission (authorization) is necessary before your health records are shared for any other reason
- The organization’s duties to protect health information privacy
- Your privacy rights, including the right to complain to HHS and to the organization if you believe your privacy rights have been violated
- How to contact the organization for more information and to make a complaint
When and how can I receive a Notice of Privacy Practices?
You’ll usually receive notice at your first appointment. In an emergency, you should receive notice as soon as possible after the emergency.
The notice must also be posted in a clear and easy to find location where patients are able to see it, and a copy must be provided to anyone who asks for one.
If an organization has a website, it must post the notice there.
A health plan must give its notice to you at enrollment. It must also send a reminder at least once every three years that you can ask for the notice at any time.
A health plan can give the notice to the “named insured” (subscriber for coverage). It does not also have to give separate notices to spouses and dependents.
Content created by Office for Civil Rights (OCR)
Content last reviewed November 2, 2020