MFMP should provide the NPP to all its patients on the first encounter and when there are material changes to the NPP. MFMP violates HIPAA by not providing and updating the NPP; patients have the right to receive the NPP. The NPP explains the responsibility of the covered entity to protect PHI, how the covered entity uses and disclosures PHI, and it explains the individual’s right.
2. Is it a HIPAA violation with respect to telephone consultations (that is, where a patient is not seen face-to-face by a provider at MFMP?) Why or why not?
If a patient’s encounter is not face-to-face and takes place over the phone, the covered entity should promptly mail the NPP to the patient after the telephone consultation. MFMP violates HIPAA by not providing the NPP to …show more content…
Copies of the NPP are maintained in a drawer and given to patients who specifically request a copy. Is this adequate to maintain HIPAA compliance?
Providing the NPP to only patients who request it is not adequate to maintain HIPAA compliance. The NPP must be provided to all new patients, and if patients request a copy of the NPP, even if it is not the first encounter, it must be provided to the patient.
5. What do you foresee as long-term consequences if MFMP continues its practice of not providing NPPs to its patients?
MFMP might face legal actions by not providing the NPP to the patients. The NPP clearly states how the covered entity will share, use, and disclose PHI. Without the NPP, the covered entity cannot protect itself. By obtaining a written acknowledgment from patients, the covered entity has the legal document that indicates the NPP was provided to the patients. Patients by signing the NPP confirm that they have received the NPP and understand how the covered entity will use their information. Therefore, by providing the NPP, covered entity protects itself from legal