HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

OCR and ONC release model NPPs

September 17, 2013

With H-Hour (the HIPAA Omnibus Rule compliance date) just a week away, the federales have come through, delivering a useful compliance tool with the HIPAA Notice of Privacy Practices requirements — a set of model forms released during the Consumer Health IT Summit. At first blush, the forms seem extremely user-friendly, and they are certainly briefer, and are written in a tongue that bears a closer resemblance to English, than the NPPs with which most of us have had to labor. Kudos to the agencies for undertaking the effort to draft and field-test these forms.

While the field-testers' favored format, we are told, is the booklet, I much prefer the layered online form. The first page has a high-level summary of the HIPAA privacy and security rules as they pertain to patients, and details are set forth on the pages that follow.

I was disappointed, however, with one of the examples given in the model NPP:

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will say β€œyes” to all reasonable requests.

Telephone and snail mail are nice, but many patients would prefer to be in contact with their health care providers via text message or email. Both modes of communication are permitted under HIPAA wth the patient's consent (which may be expressed by simply emailing or texting a provider), but if the NPP doesn't alert patients to that right, then many will never be aware of it.

I know that there are continuity-of-care benefits to maintaining communications in a patient portal so that messages can be accessed by other clinicians in the EHR, but a tool or process may be devised which imports email and SMS communications into the EHR (I've had one doc tell me that she would gladly transcribe the messages herself if her institution would permit email communication with patients) and, in any event, it is the patient's right to use these other modes of communication. The privacy rule permits email communication, and the security rule permits email communication as well. They have for years; this is not a HITECH Act innovation.

One would have hoped that OCR could have brought guidance such as this to the table earlier than one week before the compliance date. There are other deficits in guidance under this rule, too, notably the situation that led to a lawsuit over HIPAA regulations and medication adherence reminders.

Bottom line: The model NPP is a useful tool. Covered entities under HIPAA will need to customize their notices to their own circumstances, and get them ready to roll pronto.

I had proposed to develop a more comprehensive, and patient-focused, form of NPP via the Hacking HIPAA project, though unfortunately — while it attracted some attention — that project didn't get sufficient traction. Even ONC staff thought part of the approach was worthwhile:

Standard legal lang. for patient e-access really would help. Too bad project wasn't funded..what now? @ieslick @fredtrotter @healthblawg

β€” claudiawilliams (@claudiawilliams) September 8, 2013

Have I mentioned that the compliance date is September 23?

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Compliance, Health care policy, Health Law, HIPAA, ONC, Privacy, Security

you might also like:

  1. Smile! Privacy Policy Snapshot ~ Model Privacy Notice

  2. HIPAA Audits: OCR Finally Announces Phase 2

  3. OCR Releases HIPAA Privacy and Security Audit Protocol

« Population Health in a Post-Fee-For-Service World, with Grace Terrell at Cornerstone Health Care
Upcoming Speaking Engagements and Conferences »

Follow me on Twitter

David Harlow πŸ’‰πŸ˜· Follow 42,909 17,568

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
24m 1620524933863378944

ICYMI> Paul Schrimpf, at Prophet Consulting, Driving Health Care Transformation β€” Harlow on Healthcare https://healthblawg.com/2022/12/paul-schrimpf-prophet-consulting.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Paul Schrimpf, at Twitter feed image.
Reply on Twitter 1620524933863378944 Retweet on Twitter 1620524933863378944 0 Like on Twitter 1620524933863378944 0 Twitter 1620524933863378944
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
6h 1620445622955278337

Moonshots β€” StartUp Health https://paper.li/healthblawg/1369855999?read=https%3A%2F%2Fwww.startuphealth.com%2Fmoonshots #hcldr

Reply on Twitter 1620445622955278337 Retweet on Twitter 1620445622955278337 0 Like on Twitter 1620445622955278337 0 Twitter 1620445622955278337
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
6h 1620445621772587008

Harlow on Health Care is out! #healthcare #hcldr #hcsm #HIT #healthreform #HIPAA

Image for twitter card

Moonshots β€” StartUp Health

startuphealth.com At StartUp Health, we invest in the most innovative health entrepreneurs in the world β€” our glob...

paper.li

Reply on Twitter 1620445621772587008 Retweet on Twitter 1620445621772587008 0 Like on Twitter 1620445621772587008 0 Twitter 1620445621772587008
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]