DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
Introduction
A HIPAA Notice of Privacy Practices (NPP) is a document that covered entity providers must furnish to patients. The NPP outlines what protected health information (PHI) the covered entity may share without a patient's authorization, and what protected health information may be shared only if written authorization has been provided. The NPP also covers rights that patients have with respect to their protected health information - including (among others) the right to receive a copy of the notice, the right to file a complaint with the covered entity, the right to request amendment of PHI, and the right to request an accounting of disclosures of PHI.
What are Patient Obligations With Respect to the Notice of Privacy Practices?
Patients should review the Notice of Privacy Practices to gain an understanding of their rights, and an organization's responsibilities, with respect to patient PHI. Patients are not required to sign the Notice of Privacy Practices as a way of agreeing to its terms. That is, a provider may not require a patient to sign the patient's name next to a statement such as, "I agree to abide by the terms stated in the Notice of Privacy Practices." The rights and responsibilities outlined in the notice are required by law - and a patient is not required to sign a statement "agreeing with the law." (Would someone be required to sign a copy of the U.S. Constitution in order for that person to be protected by its provisions? Of course not).
Except in an emergency situation, a provider is required to make a good faith effort to obtain a written acknowledgment of receipt of the notice provided, and, if the written acknowledgment is not obtained, to document its good faith efforts to obtain that acknowledgment and the reason why the acknowledgment was not obtained. In other words, a provider, absent an emergency treatment situation, is required to attempt to obtain a patient's signature to the effect that the patient received the Notice of Privacy Practices. The patient can only be required to sign a statement indicating that the patient received the Notice - not a statement that the patient "agrees" with the Notice, or "agrees to abide by the Notice." It is acknowledgment of receipt of the Notice that a provider must endeavor to obtain. Say that a patient refuses to sign the acknowledgment of receiving the Notice. In such a case, the provider should document what efforts it made to obtain the written acknowledgment, and the reason why the acknowledgment was not obtained (if, for example, the patient refuses to sign the document, the provider can document "patient refused to sign" as the reason).
The language for the written acknowledgment of receipt can appear on the Notice of Privacy Practices at the end, or can be on its own, separate document.
Note that treatment cannot be conditioned upon the signing of the acknowledgment. That is, a provider cannot refuse to treat a patient because the patient refused to sign the acknowledgment.
TIP: The Guard contains a Template Notice of Privacy Practices.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article