§164.520 high Severity HIPAA US Federal

HIPAA Privacy Rule — Notice of Privacy Practices

Enforced by: HHS OCR (US)
Current as of March 26, 2013
Plain Language Summary
Every covered entity must have a Notice of Privacy Practices (NPP) and provide it to patients at first service. Patients must acknowledge receipt.

A covered entity must provide a notice of its privacy practices. The notice must describe the uses and disclosures of protected health information the covered entity is permitted to make, the covered entity's duties with respect to protected health information, the privacy rights of individuals, and how individuals may exercise these rights.

A covered entity must provide the notice to individuals no later than the date of first service delivery and make a good faith effort to obtain a written acknowledgment of receipt of the notice.

Related Enforcement Cases

Advocate Aurora Health — Tracking Pixel HIPAA Settlement ($3M) $3.0M
Banner Health — Network Segmentation Failure HIPAA Settlement ($1.25M) $1.25M