 |
164.520(b)(2) |
|
 |
|
| |
|
Optional Elements
for Notice: If CE elects to limit the uses/disclosures that it
is permitted to make under the regulations, the CE may describe its
more limited uses/disclosures in its notice, but may not include a
limitation affecting its right to make a use/disclosure required by
law or permitted under 164.512(j)(1)(i) [¶ 9.7.]. In order for
a CE to apply a change to its more limited uses/disclosures to PHI
received prior to issuance of a new notice, the notice must include
the statement permitting the CE to revise the notice as set forth
in ¶ 4.2.5.3. |
|
164.520(b)(3) |
|
|
|
| |
|
Revisions to Notice:
CE must promptly revise and distribute its notice whenever there is
a material change to the uses/disclosures, the individual's rights,
the CE's legal duties, or other privacy practices stated in the notice.
Except when required by law, a material change to any term may not
be implemented prior to the effective date of the notice reflecting
the change[¶ 4.2.8]. |
|
164.520(c)
164.520(c)(1) |
|
|
|
| |
|
Provision of Notice:
CE must make the notice available on request to any person and to
individuals specified hereunder, as applicable. |
| |
|
Health plans (not
including group health plans described in ¶ 4.1.3):
4.3.1.1. |
Must provide notice:
4.3.1.1.1. |
No later than the compliance
date for the health plan, to individuals then covered
by the plan; |
4.3.1.1.2. |
Thereafter, at the
time of enrollment, to individuals who are new enrollees;
and |
4.3.1.1.3. |
Within sixty (60) days
of a material revision of the notice to individuals then
covered by the plan. |
|
4.3.1.2. |
No less frequently than
once every three years, the health plan must notify individuals
then covered by the plan of the availability of the notice and
how to obtain the notice. |
4.3.1.3. |
Health plan satisfies ¶
4.3.1.1. by providing notice to the named insured of policy
under which coverage is provided to the named insured and dependent(s). |
4.3.1.4. |
If health plan has more
than one notice, ¶ 4.3.1.1. is met by providing the notice
relevant to the insured. |
|
|
| 164.520(c)(2)
|
|
|
|
| |
|
Providers with
a direct treatment relationship with individual must:
|
4.3.2.1.
|
Provide notice no later than the first
service delivery, including electronically delivered services,
after the compliance date or in an emergency treatment situation,
as soon as reasonably practicable after the emergency treatment
situation;
|
|
4.3.2.2.
|
Except in an emergency treatment situation,
make a good faith effort to obtain a written acknowledgment
of receipt of the notice, and if not obtained, document its
good faith efforts to obtain and reason why acknowledgement
was not obtained;
|
|
4.3.2.3.
|
If provider maintains a physical delivery
site:
|
4.3.2.3.1.
|
Have notice available at delivery
site for individuals to request to take with them;
|
|
4.3.2.3.2.
|
Post notice in a clear and prominent
location where it is reasonable to expect individuals
seeking service to be able to read it; and
|
|
|
4.3.2.4.
|
Upon revision of the notice, make it
available upon request on or after the effective date and
promptly comply with ¶ 4.3.2.2., if applicable.
|
|
|
164.520(c)(3)
|
|
|
|
| |
|
Requirements Specific
to Electronic Notice:
4.3.3.1. |
CE that maintains
a web site providing information about the CE's customer services
or benefits must prominently post its notice on the web site
and make it available electronically through the web site. |
4.3.3.2. |
CE may provide notice to an individual by email if the individual
agrees to electronic notice and such agreement has not been
withdrawn. If CE knows that email transmission has failed, a
paper copy of notice must be provided to the individual. Provision
of electronic notice is timely when it complies with ¶
4.3.1. or ¶ 4.3.2. |
4.3.3.3. |
If first service
delivery to individual is electronic, provider must provide
notice automatically and contemporaneously in response to individual's
first request for service. |
4.3.3.4. |
Individual who
receives electronic notice retains right to obtain paper copy
upon request. |
|
|
164.520(d)
|
|
|
|
|
|
Joint
notice by separate CEs: CEs that participate in an organized health
care arrangement [¶ 10.1.5.] may provide joint notice provided
that:
4.4.1. |
CEs involved
agree to abide by the terms of the notice as part of participation
in the organized health care arrangement; |
4.4.2. |
Joint notice meets the requirements of ¶ 4.2. , except
that statements may reflect that notice covers more than one
entity; and
4.4.2.1. |
Describes
with reasonable specificity the CEs, or class of entities,
to which the joint notice applies; |
4.4.2.2.. |
Describes with reasonable specificity the service delivery
sites, or classes of service delivery sites, to which
the joint notice applies; |
4.4.2.3. |
If applicable, states that the participating CEs will
share PHI with each other, as necessary, to carry out
TPO. |
|
4.4.3. |
Participating
CEs must provide notice to individuals in accordance with applicable
specifications in ¶ 4.3. Provision of the joint notice
to an individual by any one of the participating CEs will satisfy
the provisions of ¶ 4.3. with respect to all other participating
CEs. |
|
|
|
Documentation: CE must document compliance
with notice requirements by retaining copies of notices issued by
the CE and, if applicable, any written acknowledgments of receipt
of the notice or documentation of good faith efforts to obtain such
written acknowledgment, in accordance with ¶ 4.3.2.
|
|
| |
|
|
|
|
| |
|
|
|
|
