HIPAA Notification Requirements

The purpose of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is to protect "individually identifiable health information (IIHI)". HIPAA covers the requirements as they relate to "covered entities," including health care providers, health insurance companies, billing companies, employers and anyone else who comes into contact with health care information. HIPAA explains how these requirements are to be met and how employees of any "covered entity" must be trained.

Patient Notifications

Patients must receive written notification of their rights when they visit a new health care provider for the first time. These rights include the right to have a printed copy of the written notification document, the right to ask for restrictions on who has access to protected health information (PHI) and how that information is used, the right to receive confidential communications concerning care, the right to see and obtain copies of PHI, the right to correct PHI and the right to know who has had access to PHI. Patients must be notified if their PHI is compromised and must be told how to register a complaint. Notification of these rights must also be posted where patients can see it, which may include posting in the treatment room, in the waiting area and in the business office.

Human Resource Notifications

Employees have the right to know their PHI is protected at work. HIPAA notification may accompany any new hire packet if the company provides health care information or will have access to PHI. Companies that require drug screens, periodic physicals or a physical following an on-the-job accident will have specific PHI in conjunction with these medical procedures. Employees have the right to receive written notification of their rights and assurance that their health care records are kept confidential.



Human resource employees are required to understand how HIPAA applies to them. They not only have a right to be notified about the regulations; the company must also provide training regarding HIPAA. Online training, on-site training and written manuals are all methods to conduct the training and supply appropriate notification of rights and obligations.

Health Care Notifications

Every health care provider or agency has been notified that they must have written policies describing HIPAA compliance procedures. HIPAA regulations state that all health care offices must have written HIPAA information and authorization release forms to provide to patients, HIPAA compliance training for staff, a HIPAA compliance officer and procedures to safeguard patient information, and must provide information on how to file a HIPAA violations complaint. Most health care organizations include a HIPAA notification on all fax cover sheets because HIPAA specifically covers the electronic transfer of PHI. Typical wording requests destruction of the document and immediate notification if you receive a fax transmission from a covered entity by mistake.