It’s Your Call – November 2022

HIPAA: True or False: If a practice has a website, a current copy of its HIPAA Notice of Privacy Practices (NPP) must be available there.

True.

The HIPAA Privacy Rule requires covered entities to post the current version of its NPP at a prominent location on their website.

The Office for Civil Rights (OCR) clarified “prominent location” by providing two examples:

1. Through a drop-down menu on the home page.
2. A link on the top or bottom of the home page labeled “Notice of Privacy Practices.”

A patient should not need to click more than twice from a practice’s home page to find the NPP.