medcomply.ai
Intel
The HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy RuleThe HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy Rule
Beginnerfront deskpractice managerprovider

Notice of Privacy Practices — what goes in it?

The handout patients receive explains how your organization uses health information. Here's what it is for.

TL;DR

The Notice tells patients their rights and your privacy practices. Post a summary in the office, give new patients a copy, and keep it current when practices change.

Updated 2026-04-21

The Notice of Privacy Practices (NPP) is not marketing material—it is a patient rights document. It explains how your organization may use and share health information and what choices patients have.

Where patients see it

  • Posted or available in the waiting area.
  • Offered to new patients (often with a signature line that they received it).
  • Updated when your uses of data materially change.

What staff should know

Front desk teams should be able to hand out the Notice and direct questions to the privacy officer. You do not need to memorize every paragraph—you need to know where the current version lives (paper + PDF).

If someone asks "why do I have to sign this?"

Explain simply: "It is how we show you the rules about your information. Signing means you got a copy—not that you gave up your rights." (Phrasing may vary—follow your script.)

Keep reading

Next in your reading path → What HIPAA training does our staff actually need?

Not legal advice. Educational overview only; consult qualified counsel for your situation.