With several exceptions, every covered entity must give notice of its information privacy. Certain items must be included in the notice according to the Privacy Rule, including:
- It must outline the permitted uses and disclosures of protected health information by the covered entity.
- It is required to outline the covered entity’s obligations to uphold the Privacy Rule, disclose its privacy practices, and adhere to the conditions of the current notice.
- It must explain the individuals’ rights, including the ability to file a complaint with HHS and the covered entity if they feel their rights have been infringed upon.
- It must list a person to contact for more information and file complaints with the covered entity.