HIPAA Notice of Privacy Practices

Purpose

To ensure every medical website built by First Call includes a compliant and accessible Notice of Privacy Practices that meets the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

1. Page Objective

The NPP page communicates:

  • How a patient’s medical information may be used and disclosed
  • The patient’s rights regarding their health information
  • The responsibilities of the healthcare provider

2. Page Structure & Required Sections

Each NPP page must include the following sections, presented in clear and accessible language:

A. Introduction

  • Title: Notice of Privacy Practices
  • Subheading: “This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.”

B. Your Rights

List and explain the patient’s rights, including:

  • Access to records: Right to view or receive a copy (electronic or paper) within 30 days
  • Corrections: Right to request amendments to incorrect/incomplete information
  • Confidential communication: Right to request alternative contact methods or locations
  • Restrictions: Right to request limits on what is shared (not always guaranteed)
  • Out-of-pocket privacy: Restrict insurer access when services are paid in full personally
  • Disclosure accounting: Right to request a record of who has received their information (past 6 years)
  • Paper copy of NPP: Available upon request
  • Authorized representative: Rights can be exercised by someone legally appointed
  • Filing a complaint: Include contact info and HHS reporting link; state non-retaliation policy

C. Your Choices

Outline optional disclosures that require patient input:

  • With permission:
    • Share info with family/friends
    • Disaster relief communications
    • Hospital directory inclusion
    • Fundraising contacts (opt-out option)
  • Never shared without explicit consent:
    • Marketing purposes
    • Sale of information
    • Most psychotherapy notes

D. Our Uses and Disclosures

Explain common permitted uses:

  • Treatment: Coordination and consultation between providers
  • Operations: Improving quality of care, managing practice
  • Billing: Sharing with insurers for reimbursement

Also include secondary cases allowed or required by law:

  • Public health & safety (e.g., disease prevention, abuse reporting)
  • Research (as permitted)
  • Legal compliance (including audits)
  • Organ donation, medical examiners, funeral homes
  • Law enforcement and national security
  • Court orders or subpoenas

E. Our Responsibilities

State legal obligations, including:

  • Maintaining privacy and security of health data
  • Prompt breach notification
  • Adherence to stated practices
  • Requiring written permission for uses beyond this notice
  • Right to change terms of this notice and communicate updates

3. Implementation Requirements

  • Format: Structured as a standalone page; accessible from the footer site-wide
  • Accessibility: Responsive design, screen-reader compatible, high-contrast text
  • Optional: Provide PDF download of the notice
  • Legal Review: Client must approve and confirm legal compliance
  • Versioning: Include last revision date

4. Compliance References

5. Change Management

Any updates to the NPP language must:

  • Be reflected on the live web page
  • Be versioned with date
  • Be re-approved by the client