Skip to content. | Skip to navigation

Advanced Search…
Personal tools
You are here: Home Resources Forms Notice of Privacy Practices

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES (NPP)

The HIPAA privacy rule requires a covered entity to provide a notice of its privacy practices (NPP) to all patients.  The NPP describes the uses and disclosures of protected health information (PHI) that may be made by the covered entity regarding an individual's PHI, the individual's rights and the covered entity's legal duties with respect to PHI. There are requirements under the Privacy Regulations relating to both the content and distribution of the NPP. Direct treatment providers are required to make a good faith effort to obtain a written acknowledgment of the NPP from the individual. A non-compliant NPP is a HIPAA violation that could subject your school, department, business unit, or organization to a $100 fine per day until corrected per the HIPAA enforcement rule effective March 16, 2006.

NPP TEMPLATES & BEST PRACTICES

To assist you with your HIPAA compliance efforts, the UofL Privacy Office has developed three template NPP forms, including:

a) full NPP,
b) Summary of NPP, and
c) an Acknowledgment of Receipt of NPP form.

NPP "best practices" are as follows:

1) Provide the patient with a copy of the UofL full NPP with the Summary of NPP stapled to the top. We have also provided the full NPP in a two-sided, one sheet format.

Note: The full NPP must be provided to all new patients. The Summary of NPP is optional; however, we recommend its use as best practice.

2) If the patient accepts the NPP, then request the patient sign the first line of the Acknowledgment of Receipt of NPP form noting that they were provided with the NPP.

3) If the patient refuses the NPP, then request the patient sign the second line of the Acknowledgment of Receipt of NPP form, noting that they declined the NPP provided. (Note: If the patient refuses to sign the Acknowledgment form, this fact should be documented by the provider).

4) If a patient declines the NPP provided, it could be put back in a "recycle box" to be given to the next patient.

5) The Acknowledgment of Receipt of NPP form should be maintained in the patient's medical record.

Please note that the linked template forms are designed for you to simply drop in your specific practice information (see "RED" highlighted areas) to make them specific to your practice. Be sure to open the attached files using Microsoft Word to maintain all formatting. Also, please remember to insert the "Last Revised" date on revised forms.  For the Spanish versions, the items in red (e.g., the entity name) can be in English.

Summary of NPP Templates

Document Actions

10/27/2008
University of Louisville Selects GuardianEdge to Protect Sensitive Data for Faculty, Staff, Doctors and Researchers

  • GuardianEdge, the leader in enterprise endpoint data protection, today announced that the University of Louisville has selected the GuardianEdge Hard Disk Encryption, Smartphone Protection and Device Control solutions to safeguard data for faculty and staff, doctors and researchers. [Click here for more information]

10/20/08
Fourth Annual Cyber-Security Awareness Week was a BIG Success!

08/25/08
Safe computing starts with knowing the rules of the road (InfoSec Bulletin #7 - August 25, 2008)

08/20/07
Information Security Policies
and Standards Approved: