Health Information Management

HIPAA Q&A: Notice of Privacy Practices

HIM-HIPAA Insider, March 19, 2012

Q. Is there a need to keep the acknowledgment form when we provide a Notice of Privacy Practices (NPP) to a patient? If so, how long must we keep it?

A. Covered entities (CEs) must keep records for six years to demonstrate their compliance with the HIPAA Privacy Rule. CEs must retain the signed acknowledgment form to demonstrate compliance with the NPP requirement.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question. She is associate executive director of Health Information Management (HIM) at Scott & White Healthcare in Temple, TX. Some of her publications were used as a basis for the Health Insurance Portability and Accountability Act of 1996 privacy regulations.

Most Popular