Complete checklist of HIPAA Privacy Rule requirements (45 CFR Part 164, Subpart E). Ensure your organization protects patient privacy rights and handles PHI appropriately.
0 of 38 requirements completed
0/7
0/11
0/10
0/4
0/6
The Privacy Rule was updated in April 2024 to strengthen protections for reproductive healthcare information. This checklist includes the new requirements for restricting disclosures of PHI related to lawful reproductive health care.
Provide a Notice of Privacy Practices to all patients explaining how PHI may be used and disclosed, and outlining their rights.
Make good faith effort to obtain written acknowledgment from patients that they received the Notice of Privacy Practices.
Provide individuals with access to their PHI in a designated record set within 30 days (with one 30-day extension allowed).
Allow individuals to request amendments to their PHI and either accept the amendment or provide written denial with opportunity to submit statement of disagreement.
Provide individuals with an accounting of disclosures of their PHI for the past six years (excluding treatment, payment, operations, and certain other disclosures).
Allow individuals to request restrictions on uses and disclosures of PHI. Must honor requests to restrict disclosures to health plans when individual paid out of pocket in full.
Accommodate reasonable requests by individuals to receive communications of PHI by alternative means or at alternative locations.