Sample HIPAA Notice of Privacy Practices Statement
The Health Insurance Portability and Accountability Act (HIPAA) was enacted to ensure the privacy and confidential handling of medical information for all patients in the U.S. It applies to all medical and mental health service providers.
HIPAA laws can be complicated but absolutely must be adhered to. HIPAA requires that all persons you collect medical information from either directly or indirectly (such as by filling a prescription) be notified of their rights to privacy and receive a “Notice of Privacy Practices” which is sometimes also called “Notice of Information Practices.”
The statement must tell your patient clients what you do with their information and it either must be signed by the patient, or the patient must sign a HIPAA consent form that they have received a copy of your privacy practices prior to signing a HIPAA consent form.
This free sample HIPAA privacy practices statement is not intended to serve or substitute as a legal document or as legal advice for your own medical, mental health, or any other service organization or business.
The following sample HIPAA privacy practices statement is the information practices statement the national-level non-profit I founded and run uses. It was specifically worded for nonprofit services (free medical services) but can be adapted for use by for-profit businesses as well.
I have replaced the name of my own organization with “Imaginary Health Services Nonprofit” (ISHN). Be sure to remove this fictitious name and replace it with the name of your own business.
You should also revise this document to detail your own privacy policies and have an attorney review it to make sure it meets the legal requirements of your own business before using it.
Sample HIPAA Notice of Privacy Practices Statement
Notice of Information Practices and Privacy Statement
Hypothetical Health Services Nonprofit
Your Physical Address
Your City, State, Zip Code
Phone contact information
Email contact information
How We Collect Information About You
Hypothetical Health Services Nonprofit. (HHSN) and its employees and volunteers collect data through a variety of means including but not necessarily limited to letters, phone calls, emails, voicemails, and from the submission of applications that are either required by law or necessary to process applications or other requests for assistance through our organization.
What We Do Not Do With Your Information:
Information about your financial situation and medical conditions and care that you provide to us in writing, via email, on the phone (including information left on voicemails), contained in or attached to applications, or directly or indirectly given to us, is held in strictest confidence.
We do not give out, exchange, barter, rent, sell, lend, or disseminate any information about applicants or clients who apply for or actually receive our services that are considered patient confidential, restricted by law, or specifically restricted by a patient/client in a signed HIPAA consent form.
How We Do Use Your Information:
Information is only used as is reasonably necessary to process your application or to provide you with health or counseling services which may require communication between HHSN and health care providers, medical product or service providers, pharmacies, insurance companies, and other providers necessary to verify your medical information is accurate and determine the type of medical supplies or health care services you need. This is including, but not limited to, or to obtain or purchase any type of medical supplies, devices, medications, or insurance.
If you apply or attempt to apply to receive assistance through us and provide information with the intent or purpose of fraud or that results in either an actual crime of fraud for any reason including willful or un-willful acts of negligence whether intended or not, or in any way demonstrates or indicates attempted fraud, your non-medical information can be given to legal authorities including police, investigators, courts, and/or attorneys or other legal professionals, as well as any other information as permitted by law.
Information We Do Not Collect:
Limited Right to Use Non-Identifying Personal Information From Biographies, Letters, Notes, and Other Sources:
Any pictures, stories, letters, biographies, correspondence, or thank you notes sent to us become the exclusive property of HHSN. We reserve the right to use non-identifying information about our clients (those who receive services or goods from or through us) for fundraising and promotional purposes that are directly related to our mission.
Clients will not be compensated for use of this information and no identifying information (photos, addresses, phone numbers, contact information, last names or uniquely identifiable names) will be used without the client’s express advance permission.
You may specifically request that NO information be used whatsoever for promotional purposes, but you must identify any requested restrictions in writing. We respect your right to privacy and assure you no identifying information or photos that you send to us will ever be publicly used without your direct or indirect consent.