Privacy Policies and Procedures - Bound by Unchanged Notice, v1.0
Specifies requirements and restrictions for health care related organizations on how to change the privacy practices in the privacy notice if revisions are necessary.
These assessments apply only if a covered entity has not reserved its right under Section 164.520(b)(1)(v)(C) to change a privacy practice that is stated in the privacy notice.
Assessment Steps (2)
1
Bound by Practices Without Reserve Right to Change (BoundbyPracticesWithoutReserveRighttoChange)
Does the covered entity have policies and procedures to realize that it is bound by the privacy practices as stated in the notice, without having reserved the right to change them, with respect to protected health information created or received while such notice is in effect?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
|
2
Change Practices Without Reserve Right to Change (ChangePracticesWithoutReserveRighttoChange)
Does the covered entity have policies and procedures to change a privacy practice that is stated in the privacy notice, and the related policies and procedures, without having reserved the right to do so, provided that:
Artifact
A2
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
|
Conformance Criteria (1)
Privacy Practice Changes
If a covered entity has not reserved its right under Section 164.520(b)(1)(v)(C) to change a privacy practice that is stated in the privacy notice, the covered entity is bound by the privacy practices as stated in the notice with respect to protected health information created or received while such notice is in effect. A covered entity may change a privacy practice that is stated in the notice, and the related policies and procedures, without having reserved the right to do so, provided that:
Citation
HIPAA-Privacy-Rule
45 CFR Section 164.530(i)(4)(ii)
|