It’s Your Call – November 2022

HIPAA: True or False: If a practice has a website, a current copy of its HIPAA Notice of Privacy Practices (NPP) must be available there.


The HIPAA Privacy Rule requires covered entities to post the current version of its NPP at a prominent location on their website.

The Office for Civil Rights (OCR) clarified “prominent location” by providing two examples:

  1. Through a drop-down menu on the home page.
  2. A link on the top or bottom of the home page labeled “Notice of Privacy Practices.”

A patient should not need to click more than twice from a practice’s home page to find the NPP.