Now let’s discuss the covered entities duty to provide Notice:
The law also broadens the scope of covered entities’ Notice of Privacy Practices or other general notices to inform patients about how their e-PHI is used and disclosed. Note that for some entities, this will mean the need to issue a notice if the PHI is subject to electronic disclosure, e.g., for entities such as business associates that would not be required to issue a Notice of Privacy Practices under the HIPAA Privacy Rule.
A covered entity shall provide notice to an individual for whom the covered entity creates or receives protected health information if the individual's protected health information is subject to electronic disclosure. A covered entity may provide general notice by:
- posting a written notice in the covered entity's place of business;
- posting a notice on the covered entity's Internet website; or
- posting a notice in any other place where individuals whose protected health information is subject to electronic disclosure are likely to see the notice.