According to HIPAA guidelines, a compliant NPP must be written in plain language and include the following elements:
Based on your request, here is the proper content covering the Notice of Privacy Practices (NPP) requirement for covered entities, often referenced in 2026 updates, particularly regarding the handling of sensitive patient information.
As of early 2026, proper documentation must address updated compliance regulations, particularly concerning Substance Use Disorder (SUD) records and enhanced privacy rules: Hotas_zip
A statement informing individuals they can file complaints with the entity or the Secretary of HHS without fear of retaliation.
A description of how the entity may use and disclose protected health information (PHI) for treatment, payment, and health care operations. According to HIPAA guidelines, a compliant NPP must
A statement that the entity is required by law to maintain the privacy of PHI and provide notice of its legal duties.
If SUD records are used for fundraising, a clear, conspicuous opportunity for individuals to opt out of communications. A statement that the entity is required by
A statement that information disclosed by a covered entity could potentially be re-disclosed by the recipient and no longer protected by HIPAA. Structure of the Document Title: Notice of Privacy Practices. Effective Date: The date the notice is effective. Introduction: Purpose of the notice.