Glossary of Compliance

HIPAA Privacy Practices

Under the HIPAA Privacy Rule (45 CFR 164.520), covered entities must maintain a Notice of Privacy Practices (Privacy Notice) describing how they may use and disclose protected health information (PHI) and what rights individuals have over it. Health plans give the notice to new enrollees at enrollment and, at least once every three years, must remind current enrollees that the notice is available and how to obtain it. Self-insured group health plans prepare and distribute their own Privacy Notice; fully insured group health plans that receive only summary or enrollment information can rely on the insurance issuer or HMO to provide it.

How must the notice be provided?

  • Anyone who asks for the Privacy Notice must be given a copy, whether or not they are a patient or enrollee
  • A covered entity that maintains a website with information about its customer services or benefits must post the notice prominently on that site and make it available electronically there
  • Health plans had to give the notice to current members by the original compliance date of April 14, 2003 (April 14, 2004, for small health plans) and must give it to new enrollees at the time of enrollment
  • If a health plan makes a material change to the notice, it must provide the revised notice (or information about the change and how to obtain the revised notice) to covered individuals within 60 days of the revision
  • Covered direct treatment providers must give the notice to patients no later than the first service delivery, make a good-faith effort to obtain a written acknowledgment of receipt, and document the reason if no acknowledgment is obtained
  • When a provider’s first service delivery to a patient is electronic (for example, an online consultation), the provider must send the notice electronically, automatically and at the same time as it responds to the patient’s first request for service
  • In an emergency treatment situation, the notice is provided as soon as reasonably practicable after the emergency, and the acknowledgment requirement does not apply
  • The current notice must be available at the provider’s site for patients to take with them and must be posted in a clear and prominent location there
  • With the individual’s agreement, the notice may be sent by email; the individual still has the right to a paper copy on request, and if the entity learns the email delivery failed it must provide a paper copy
