Skip to main content
Podcast Episode: Fighting Enshittification

Notice of Privacy Practices (NPP)

Notice of Privacy Practices (NPP)

HIPAA-mandated notice that covered entities must give to patients and research subjects that describes how a covered entity may use and disclose their protected health information, and informs them of their legal rights regarding PHI. Standard uses and disclosures include: treatment, payment and health care operations; appointment reminders; treatment alternatives; health-related benefits and services; directories of patients admitted to hospitals; research; and as required by law. It may or may not contain information about patients’ rights to access their records. Recent HIPAA updates require the notice to state that (1) sale of PHI is prohibited without written consent; (2) a covered entity has a duty to notify affected individuals of a breach of unsecured PHI; (3) patients have the right to opt out of receiving fundraising communications from a covered entity; (4) patients who pay for treatment out-of-pocket and in full have the right restrict disclosures of PHI to a health plan. In addition, most health plans will need to inform individuals of the prohibition against using or disclosing genetic information for underwriting purposes. The NPP must be signed as an acknowledgment that you have received and read it. For that reason it is often mistaken for a consent form, but it is not.

There is currently no content classified with this term.

Subscribe to RSS - Notice of Privacy Practices (NPP)

Back to top

JavaScript license information