Notice of Privacy Practices

Why you are receiving a Notice from your doctors and health plan

Your health care provider and health plan must give you a notice that tells you how they may use and share your health information and how you can exercise your health privacy rights. In most cases, you should get this notice on your first visit to a provider or in the mail from your health insurer, and you can ask for a copy at any time.  The provider or health plan cannot use or disclose information in a way that is not consistent with their notice. 

Why you are asked to “sign” a form

The law requires your doctor, hospital, or other health care provider you see in person to  ask you to state in writing that you received the notice.  Often, that means the doctor will ask you to sign a form stating that you received the notice that day.

  • The law does not require you to sign the “acknowledgement of receipt of the notice.” 
  • Signing does not mean that you have agreed to any special uses or disclosures of your health records. 
  • Refusing to sign the acknowledgement does not prevent the entity from using or disclosing health information as the Rule permits it to do. 
  • If you refuse to sign the acknowledgement, the provider must keep a record that they failed to obtain your acknowledgement.

What is in the Notice

The notice must describe:

  • the ways that the Privacy Rule allows the covered entity to use and disclose protected health information. It must also explain that the entity will get your permission, or authorization, before using your health records for any other reason.
  • the covered entity’s duties to protect health information privacy.
  • your privacy rights, including the right to complain to HHS and to the covered identity if you believe your privacy rights have been violated. 
  • how to contact the entity for more information and to make a complaint.

When and how you can receive a Notice of Privacy Practices

  • Most covered health care providers must give notice to their patients at the patient’s first service encounter (usually at your first appointment).  In emergency treatment situations, the provider must give the patient the notice as soon as possible after the emergency.  It must also post the notice in a clear and easy to find location where patients are able to read it.  
  • A health plan must give its notice to each new enrollee at enrollment, and send a reminder to every enrollee at least once every three years that the notice is available upon request. A health plan can give the notice to the “named insured,” that is, the subscriber for coverage. It does not also have to give separate notices to any covered spouses and dependents.
  • A covered entity must give a copy of the notice to anyone who asks for one.  If a covered entity has a web site for customers, it must post its notice in an obvious spot there.


Most of us feel that our health information is private and should be protected. That is why there is a federal law that sets rules for health care providers and health insurance companies about who can look at and receive our health information. This law, called the Health Insurance Portability and Accountability Act of 1996 (HIPAA), gives you rights over your health information, including the right to get a copy of your information, make sure it is correct, and know who has seen it. Get It. You can ask to see or get a copy of your medical record and other health information. If you want a copy, you may have to put your request in writing and pay for the cost of copying and mailing. In most cases, your copies must be given to you within 30 days.

Check It. You can ask to change any wrong information in your file or add information to your file if you think something is missing or incomplete. For example, if you and your hospital agree that your file has the wrong result for a test, the hospital must change it. Even if the hospital believes the test result is correct, you still have the right to have your disagreement noted in your file. In most cases, the file should be updated within 60 days.

Know Who Has Seen It. By law, your health information can be used and shared for specific reasons not directly related to your care, like making sure doctors give good care, making sure nursing homes are clean and safe, reporting when the flu is in your area, or reporting as required by state or federal law. In many of these cases, you can find out who has seen your health information.

You can: Learn how your health information is used and shared by your doctor or health insurer. Generally, your health information cannot be used for purposes not directly related to your care without your permission. For example, your doctor cannot give it to your employer, or share it for things like marketing and advertising, without your written authorization. You probably received a notice telling you how your health information may be used on your first visit to a new health care provider or when you got new health insurance, but you can ask for another copy anytime.

Let your providers or health insurance companies know if there is information you do not want to share. You can ask that your health information not be shared with certain people, groups, or companies. If you go to a clinic, for example, you can ask the doctor not to share your medical records with other doctors or nurses at the clinic. You can ask for other kinds of restrictions, but they do not always have to agree to do what you ask, particularly if it could affect your care. Finally, you can also ask your health care provider or pharmacy not to tell your health insurance company about care you receive or drugs you take, if you pay for the care or drugs in full and the provider or pharmacy does not need to get paid by your insurance company.

Ask to be reached somewhere other than home. You can make reasonable requests to be contacted at different places or in a different way. For example, you can ask to have a nurse call you at your office instead of your home or to send mail to you in an envelope instead of on a postcard. Your Health Information Privacy Rights 2 • If you think your rights are being denied or your health information is not being protected, you have the right to file a complaint with your provider, health insurer, or the U.S. Department of Health and Human Services.

To learn more, visit