Adobe Acrobat Sign
Whether you’re a healthcare provider or trying to provide healthcare to your employees, learn what you need to do to keep people informed about information protection.
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), a federal law that set strict standards for how healthcare operations handle and store electronic medical records. Under HIPAA’s Privacy Rule, healthcare providers and other organizations affected by the law (known as covered entities) must prepare and issue patients a notice of privacy practices (NPP), which informs them how their protected health information (PHI) will be used and shared.
An NPP safeguards a patient’s right to privacy by making them aware of how their health information will be protected before they share it. This gives the patient the option to request restrictions on the disclosure of their PHI or choose to take their business elsewhere. And it ensures that the healthcare service provider is accountable for maintaining a set of privacy standards that have been stated in advance.
If your business is a covered entity, you need to send patients an NPP by mail or electronically in advance of their first appointment. Once a patient acknowledges that they’ve received their NPP, you’re required to keep records of what you’ve sent them and make those records available upon request.
All medical and dental providers are required to issue NPPs to each patient, as well as keep an NPP posted publicly either in their office or on their website. Other healthcare-adjacent businesses that handle patients’ medical information must issue NPPs as well, such as:
To be in compliance with HIPAA’s rules, your notice of privacy practices needs to include several key pieces of information.
All NPPs must have the same statement written across the top of the page: “This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.”
This is where you explain with whom you’ll share the patient’s information and whether you’ll ask for their authorization before you do it. Organizations and individuals to whom you can disclose information without asking permission include:
Especially sensitive information, such as psychotherapy notes, requires authorization from the patient before you can release it. And while it is rare that you would do so, you also need a patient’s explicit permission before you sell or release their personal health information for marketing purposes.
Your NPP needs to include a statement of the patient’s rights, including:
In this section, you must outline what your organization is required to do to protect individuals’ health records, including:
Provide the name, title, and phone number of your organization’s privacy officer or any other employee qualified to answer questions about your privacy practices.
The date that your NPP goes into effect.
An e-signature program makes it easier to send, store, and manage every notice of privacy practices that you send to a client.
If your business is a covered entity, you’ll need to send out a lot of NPPs. With Acrobat Pro, you can create a reusable NPP template that includes all the legally required information, then personalize each individual copy before sending it out to patients for their signature.
Smart documents in Acrobat automatically track and manage workflows, so you can receive notifications when each NPP you send has been opened, viewed, and signed. This makes it easy to keep track of who has acknowledged your organization’s privacy practices and who still needs a nudge to complete their paperwork. And clients can sign securely for free at any time on virtually any device.
It’s crucial to be sure that individuals’ confidential health information is kept secure. A well-written notice of privacy practices puts your patients at ease that their data is being handled with care.