HHS Provides Model HIPAA Notices for Healthcare Plans and Providers

The U.S. Department of Health and Human Services (HHS) has made available a series of model Notices of Privacy Practices for health care providers and health plans.  Changes to privacy regulations known as the HIPAA/HITECH Omnibus Final Rule went into effect in late March 2013.  The safe harbor compliance period ends on September 23, 2013.  Among other changes, the Omnibus Rule requires that health plans and healthcare providers notify individuals about their privacy rights regarding their personal health information.  In addition, individuals have a right to be informed about their health plans’ and healthcare providers’ privacy practices. 

To this end, the HHS has published some model notices, which the agency says:

serve as the baseline for covered entities working to come into compliance with the new requirements.  In particular, the models highlight the new patient right to access their electronic information held in an electronic health record, if their provider has an EHR in their practice.  Covered entities may use these models by entering their specific information into the model and then printing for distribution and posting on their websites.

More information on compliance with the HIPAA/HITECH omnibus final rule can be found here

Photo credit: LilliDay

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.