HIPAA Requirements

  • Does your website have your HIPAA Notice of Privacy Practices readily available?
  • Does your current web firm fully understand HIPAA requirements?

Virtually every physician medical practice, ambulatory surgery center, healthcare clinic, and hospital must post their HIPAA Notice of Privacy Practices on their website. 

The regulation is very clear in this regard: all covered entities are required to display their HIPAA Notice of Privacy Practices on their website. Here is the reference link and an excerpt:

(3) Specific requirements for electronic notice. (i) A covered entity that maintains a web site that provides information about the covered entity's customer services or benefits must prominently post its notice on the web site and make the notice available electronically through the web site.

The Privacy Rule also contains several NPP provisions that are relevant to covered entities that operate in an electronic environment. First, the Privacy Rule requires a covered entity that maintains a web site providing information about the covered entity’s services or benefits to prominently post its NPP on its web site. Further, where a health care provider delivers its first health care service to an individual electronically, such as through e-mail, or over the Internet, the provider must send an electronic NPP automatically and contemporaneously in response to the individual’s request for service. Also, in general, a covered entity is permitted to e-mail its NPP to an individual if the individual agrees to receive an electronic NPP (although the individual always retains the right to receive a paper copy of the NPP upon request). See 45 C.F.R. § 164.520(c)(3).