Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Daily eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!

HIPAA Refresher: Is your practice on top of NPPs?

By Ranadene K. Tapio, MBA, CMRS, CMC, Guest Contributor  bio

I know, HIPAA is old news. And ALL of your offices are presenting your patients with a HIPAA Notice of Privacy Practices (NPP) already. Right?

Are you sure? Do you have systems in place to ensure this is being done? Do you work the front desk, so you know it’s getting done? Are you in the back office, and in charge of auditing patient files to make sure the NPP is on file?

For those of you who aren’t so sure, there’s no time like the present to get on top of this!

Each healthcare/medical provider office should have the NPP displayed in the office where it is clearly visible to their patients. The office should also be offering each new patient their own copy of the NPP. The patient should be signing a NPP Acknowledgement form, which is filed into the patient’s chart.

Does your office have a website? Recommend that they post their NPP on there as well.

If your office has never gone through and presented the NPP to ALL current patients, it’s time to get on track. We all know that it’s way past the deadline! Most healthcare/medical offices are covered entities; very few are exempt. Your office is out of compliance if this has not been done.

You can help your office get back on track by walking them through the process:

  • Do they even have an NPP? If not, help them write one.
  • Have procedures in the office changed or updated so that the NPP also needs to be updated? Help with that.
  • Any time there are significant changes to the NPP, ALL current and new patients need to be presented with the new NPP.

Remember, the NPP is usually lengthy due to the complexity required by the regulation itself. A written summary would not be acceptable because it would require the omission of language that protects a practice.

Under HIPAA, an individual has the following rights with regard to his/her PHI:

  • The right to consent to or authorize the use and disclosure of PHI.
  • The right to receive a copy of the practice’s Notice of Privacy Practices.
  • The right to request restrictions on certain uses and disclosures of PHI.
  • The right to request restrictions on how the practice communicates PHI to the patient.
  • The right to inspect and copy PHI.
  • The right to request an amendment of PHI.
  • The right to an accounting of the disclosures of PHI made by the covered entity for purposes other than TPO.
  • The right to complain about alleged violations to the practice and DHHS.

By helping your office with these tasks, they’re sure to see you as the professional you are!

Ranadene (Randi) Tapio is the president of MedCycle Solutions, which provides Revenue Cycle Management, Credentialing, Outsourced Coding, and Consulting Services to a number of healthcare providers in a variety of specialties. She holds an MBA in Healthcare Administration & Management and multiple professional certifications. You can reach Randi by email at or call 320-290-6448.

Editor’s picks:

HIPAA data breaches in 2017: Another record breaking year!

Want to improve collections? Start by looking at your Patient Registration System

Compliance checklist









Try Premium Membership