Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HIPAA » HIPAA Privacy Practices

HIPAA Privacy Practices

Covered entities must provide a Notice of Privacy Practices (Privacy Notice) to every individual whose PHI is processed by them. Healthcare providers send this notice to new enrollees during initiation and at least once every three years to the existing ones. Self-insured health plans create their own Privacy Notices, while fully insured plans rely on their insurance issuers for this.

How to provide the notice?

  • Any person who requests the Privacy Notice should receive it
  • The notice must be prominently displayed on the entity’s website if it provides customer service or benefit information there
  • Health plans must give the notice to current members by April 14, 2003 (or April 14, 2004, for smaller plans) and to new enrollees during enrollment
  • If the notice changes significantly, it should be reissued within 60 days
  • Covered Direct Treatment Providers must give the notice to patients at the first service encounter, and efforts should be made to get a written acknowledgment
  • For online or electronic service delivery, an electronic notice should be sent upon the patient’s request
  • In emergencies, the notice should be provided as soon as possible, and acknowledgment is not required
  • The latest notice reflecting any changes should be available for patients to take and be prominently displayed at the provider’s facility
  • If a patient agrees, the notice can be sent via email

Additional reading

Top 9 Cloud Vulnerabilities in 2024

A recent report states that 4 out of 5 security vulnerabilities in organizations across all sectors originated from the cloud. The swift transition to complex cloud environments has given rise to a spectrum of cloud security issues.  According to Google Cloud Forecast 2024, threat actors will increasingly target the cloud in the upcoming year, and…
Scrut Alternatives

Scrut Alternatives: Compare 5 Competitors

Choosing the right compliance solution can be as complicated as compliance itself. Sure, you can read case studies and scan through G2 reviews. But do case studies always make a solid case for the solution itself? Or are G2 reviews the only source that you rely on? We don’t think so. So if you are…

How to write a VAPT report?

Leveraging data and data driven insights helps organizations improve their security and drive success. Data awareness empowers security teams to identify early signs of compromise, respond promptly, and tighten internal controls for the future. Vulnerability assessment and Penetration testing reports or VAPT reports, among other data sources, are crucial for gaining this situational awareness. The…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.