FAQs on Notice of Privacy Practices

1. What is a Notice of Privacy Practices (NPP)?

The Notice of Privacy Practices (NPP) is a document that healthcare providers are required by law to provide to patients. It explains how the provider may use and disclose your protected health information (PHI), and outlines your rights regarding your health information.

2. Why am I required to sign the NPP?

Signing the NPP acknowledges that you have received the document and understand how your health information will be used and shared. It does not mean you agree with everything in the notice, but simply confirms you were informed of your privacy rights.

3. What kind of information is covered by the NPP?

The NPP covers protected health information (PHI), which includes any information about your past, present, or future physical or mental health condition, the healthcare services you receive, and payment for your healthcare.

4. How can my health information be used without my permission?

Your health information can be used or disclosed for:

  • Treatment: To coordinate care and treatment between healthcare providers.
  • Payment: To bill for services provided to you.
  • Healthcare operations: For activities like quality assessments, training, licensing, and audits.

It can also be shared without your permission in cases such as:

  • Public health purposes (e.g., disease control)
  • Legal requirements (e.g., reporting abuse or law enforcement purposes)
  • Emergency situations

5. Can I control who sees my health information?

Yes, you can ask your healthcare provider not to share certain information with specific individuals or organizations. However, the provider is not required to agree to your request, particularly if it affects your care.

6. How can I access my health information?

You have the right to access and obtain copies of your medical records. You can request your records from your healthcare provider, who may charge a reasonable fee for copying.

7. Can I correct or amend my health information?

Yes, if you believe the information in your medical records is incorrect or incomplete, you can request that your healthcare provider amend it. They may refuse if they believe the record is accurate, but they must provide a written explanation for the denial.

8. Can I request to receive confidential communications?

Yes, you can request to receive communications about your health information by alternative means or at alternative locations (e.g., by mail instead of phone, or to a different address). Your provider must accommodate reasonable requests.

9. How will I be notified if there is a breach of my health information?

If a breach occurs involving your unsecured health information, you will be notified as soon as possible. This notification will explain what happened, what information was involved, and steps you can take to protect yourself.

10. Who can I contact if I have concerns or complaints about my privacy rights?

You can contact your healthcare provider’s Privacy Officer or the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. Filing a complaint will not negatively affect your care or coverage.

11. Do I need to receive an updated NPP if changes are made?

Yes, you should be notified of any material changes to the NPP. However, you do not need to sign a new acknowledgment each time the notice is updated.

12. How long does my healthcare provider need to keep my records?

Healthcare providers are required to keep your medical records for a certain period, depending on state laws and federal regulations. Typically, they are kept for at least 6 years.