Compare and contrast the policies and recommend which you would select for adoption in your organization.

Subject: Health Information Management Law & Ethics

Title: Notice of Privacy Practices

Policies relating to Notices of Privacy are required by HIPAA for covered entities and business associates. As the Director of HIM you have been asked to review the requirements and recommend a policy for adoption by the acute care hospital for which you work.

Review the requirements of the Notice of Privacy Practices from HHS at the link below.

Evaluate the two sample Notice of Privacy Practice policies provided by clicking on the link below. Compare and contrast the policies and recommend which you would select for adoption in your organization. Support your decision and indicate if any revisions would be needed to your selected policy in order to make it compliant with the HIPAA guidelines. You are also encouraged to research other sample forms available on the internet or through your personal experiences for additional benchmarking ideas.

Sample Notice of Privacy Practices Presence Health Care

Sample Notice of Privacy Practices Boston Medical

Use APA format with references, and cite if needed. Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates. Save your assignment as a Microsoft Word document.

Note: The rubric is not available at this time. I will update the attached file information when it becomes available.

Module 7- Lesson Content & Rubric


Defining HIPAA Privacy

Health Information Management professionals have long been guided by their educational training and professional ethics on matters relating to patient privacy. For HIM professionals, the HIPAA Privacy Rule in many cases did not seem to impose a radically different set of requirements; what it did provide was both a standardization of the many requirements and a mechanism for reflecting those professional ethical responsibilities and values in the law. HIM professionals must not only thoroughly understand the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule but should also be able to provide privacy training at a department level, and perhaps even an organizational level, depending on their role in the organization. A review of the Privacy Rule’s history, purpose and goals, along with its numerous components, is required in order to participate in or lead not only training but also the development of organizational policies and procedures that provide for organizational compliance. An understanding of the key aspects of the rule, such as covered entities, business associates, protected health information, designated record set, and personal representatives, is necessary, along with the key documents essential to the rule. In addition to the more “traditional” policies relating to confidentiality and privacy, including the patient’s right to access his or her health information and preemption issues, newer matters related to disclosing health information for marketing, research, fundraising and other purposes must also be understood and addressed at the organizational level.

HIPAA was signed into law on August 21, 1996, regulating the privacy of patient health information. This law was an effort to reduce the costs of health care and streamline the fragmented and complicated health care system. HIPAA is a sweeping reform law that affects virtually everyone in the U.S. health care system – patients, providers, payers, and intermediaries, such as pharmacies and medical device companies. The four objectives are to:

  • Improve the portability of health insurance
  • Combat fraud, abuse, and waste in health care
  • Promote the expanded use of medical savings accounts
  • Simplify the administration of health insurance

Five major categories are covered under HIPAA:

Title I: Insurance Portability
Title II: Administrative Simplification
Title III: Medical Savings and Tax Deduction
Title IV: Group Health Plan Provisions
Title V: Revenue Offset Provisions

Title II, Administrative Simplification, is the section of HIPAA that affects most health care providers, insurance companies, and clearinghouses. Within this law, the Title II provisions were meant to make it easier and cheaper to electronically transmit health information. However, Congress realized that widespread electronic transmission of a patient’s health information could affect a patient’s privacy. Subsequently, Congress made the Department of Health and Human Services (HHS) responsible for developing detailed privacy standards. The Privacy Rule went into effect on April 14, 2011, and required all “covered entities” to be in compliance with the privacy, security and electronic-data provisions by April 14, 2033. These rules are meant to ensure:

  • Standardization of electronic patient health records; administrative and financial data, including health care claims, health care payment, and remittance advice; health claim status; enrollment and disenrollment in a health care plan; eligibility in a health care plan; and health care premium payments
  • Unique identifying codes for all health care providers, health care plans, employers, and individuals
  • Security of electronic health information with standards protecting the confidentiality and integrity of individually identifiable health information, past, present and future

The Privacy Rule applies to Protected Health Information (PHI), which refers to any individually identifiable information that relates to all past, present, and future physical or mental conditions or the provision of health care to an individual. For example, information such as a patient’s name, age, gender, and medical diagnosis are all PHI. This information can be oral or recorded in any form or medium, such as with electronic transmission.

HIPAA requires covered entities to limit disclosures to only the minimum information necessary to carry out the medical treatment. Under HIPAA, this information can be conveyed to vendors, such as health insurance carriers, if the covered entity has obtained a written assurance (contract) from the vendor that the information will be protected. These standards to protect the PHI are in effect even if the patient is deceased.

The following PowerPoint presentation will guide your note taking as you explore the key concepts related to the HIPAA Privacy Rule.

Fundamentals of Laws for HI and IM, Chapter 9

Additional Resources

Summary of the HIPAA Privacy Rule HIPAA Compliance Assistance


HIPAA violation in Modern Health Care

