HIPAA: True or False: If a practice has a website, a current copy of its HIPAA Notice of Privacy Practices (NPP) must be available there.
The HIPAA Privacy Rule requires covered entities to post the current version of its NPP at a prominent location on their website.
The Office for Civil Rights (OCR) clarified “prominent location” by providing two examples:
- Through a drop-down menu on the home page.
- A link on the top or bottom of the home page labeled “Notice of Privacy Practices.”
A patient should not need to click more than twice from a practice’s home page to find the NPP.