HIPAA Notice of Privacy Practices for Hospice Providers
Hospice organizations are HIPAA covered entities. Every hospice that bills Medicare or Medicaid electronically — which is effectively every Medicare-certified hospice — must maintain a compliant Notice of Privacy Practices and provide it to patients (or their representatives) at the start of hospice care.
Quick facts for hospice organizations
- Medicare-certified hospices are HIPAA covered entities — the NPP is required, not optional
- The NPP must be provided at the start of hospice care, to the patient or their representative
- Your NPP must reflect the HHS February 2026 model — the previous version is out of compliance
- For patients who cannot communicate: deliver to healthcare proxy or personal representative
- Hospices with affiliated SUD or behavioral health programs may need Part 2 language
Hospice and HIPAA covered entity status
Hospice organizations qualify as HIPAA covered entities because they transmit health information electronically as part of the Medicare Hospice Benefit billing process. Submitting OASIS assessments, billing UB-04 claims electronically, and processing Medicare remittance advice electronically all constitute standard electronic transactions under HIPAA.
The Medicare Conditions of Participation (CoPs) for hospice also require patient rights documentation. This overlaps with but does not substitute for the HIPAA NPP requirement — hospice organizations must satisfy both.
Hospice-specific NPP distribution challenges
Hospice care presents unique NPP distribution challenges because patients are often seriously ill, cognitively impaired, or unable to communicate. HIPAA accommodates this through the personal representative framework:
- Communicate directly with patients who have capacity at the time of admission
- Personal representative delivery for patients who lack capacity — identify the healthcare proxy, DPOA, or next-of-kin and provide the NPP to them
- Document delivery in your admission records, including who received the NPP and any acknowledgment
- Post on your website — required for hospice organizations with a web presence
What your hospice NPP must include
- Treatment disclosures — care coordination among the interdisciplinary hospice team, attending physician, and inpatient hospice facility
- Payment disclosures — Medicare Hospice Benefit billing, Medicaid, and secondary insurance
- Patient rights — access to records, amendment requests, accounting of disclosures, right to restrict disclosures to health plans for out-of-pocket services
- Privacy Officer contact information
- Complaint procedure including HHS OCR information
- Effective and supersede dates
Frequently Asked Questions
Do hospice organizations need a HIPAA NPP?▼
Yes. Hospice organizations are HIPAA covered entities and must provide a Notice of Privacy Practices at the start of care. The NPP must also be posted on your website under 45 CFR § 164.520.
What if a patient enters hospice and is not able to receive the NPP themselves?▼
Provide the NPP to the patient's personal representative — healthcare proxy, durable power of attorney for healthcare, or legal next of kin. Document the delivery and any written acknowledgment in the admission record.
Can a hospice and affiliated home health use the same NPP?▼
If both operate under the same legal entity, yes — one NPP can cover the entity's full range of services. If they are separate legal entities, each needs its own NPP. Confirm your corporate structure before sharing an NPP across organizations.
Is our 2020 hospice NPP still compliant?▼
No. The HHS February 2026 model is the current compliance standard. Any NPP based on a pre-2026 template must be updated and redistributed. See how to update your NPP.
Generate your hospice NPP in under 5 minutes.
HHS February 2026 model, PDF + editable Word. Include in your admission packets and post on your website. $49 one-time — no subscription.
Start your NPP — $49Free watermarked preview available. See sample →