HIPAA Notice of Privacy Practices for Optometrists
Optometrists and eye care practices that submit vision or medical insurance claims electronically are HIPAA covered entities. You need a Notice of Privacy Practices — provided to patients at first service, posted on your website, and displayed in your office — aligned to the HHS February 2026 model.
Quick facts for optometry practices
- Accepting VSP, EyeMed, or any electronic vision plan triggers HIPAA covered entity status
- Your NPP must reflect the HHS February 2026 model — the 2013 version is out of compliance
- The NPP applies to all PHI you maintain, including prescription records and medical eye care notes
- Multi-location practices can use a single NPP if all locations operate under one entity
- Patients must receive the NPP at their first eye exam appointment
Vision insurance and HIPAA covered entity status
Many optometrists assume HIPAA is only for medical practices. But HIPAA's covered entity definition turns on whether you transmit health information electronically in standard transactions — and vision plan claims (VSP, EyeMed, Davis Vision, Spectera) qualify as standard health care transactions. If you submit any vision plan claims electronically, you are a covered entity.
Optometrists who also perform medical eye care and bill medical insurance (for conditions like glaucoma, diabetic eye exams, or dry eye) are doubly covered. The NPP must cover all PHI your practice maintains — both routine vision records and medical eye care records.
What your optometry NPP must include
- Uses and disclosures for treatment (referrals to ophthalmology), payment (vision and medical claims), and healthcare operations
- Patient rights: access to records, requests for amendment, accounting of disclosures, restriction requests, and confidential communications
- Privacy Officer contact information
- Complaint process with HHS OCR contact details
- Effective date and supersede date if replacing a prior NPP
NPP distribution for eye care practices
- Provide at the patient's first eye exam and request written acknowledgment
- Post on your practice website (required, not optional)
- Display in the waiting room or at the front desk
- Update and redistribute when your privacy practices materially change
Frequently Asked Questions
Do optometrists need a HIPAA NPP?▼
Yes, if you submit electronic claims to vision plans or medical insurance. Optometrists who accept any insurance electronically are HIPAA covered entities and must maintain a compliant NPP under 45 CFR § 164.520.
Does accepting VSP or EyeMed make me subject to HIPAA?▼
Yes. Electronic vision plan claims qualify as standard health care transactions under HIPAA, making you a covered entity. This applies whether you submit claims directly or through a clearinghouse or billing service.
My NPP is from 2021 — is it still compliant?▼
No. The HHS February 2026 revision was a material change. Any NPP based on the 2013 model (or any version predating February 2026) must be updated. See how to update your NPP.
Can I post the NPP as a PDF on my website?▼
Yes. HHS requires that the NPP be available on your website but does not mandate a specific format. A PDF link on your website satisfies the posting requirement. NPP Generator produces both a clean PDF and an editable Word document.
Generate your optometry practice NPP in under 5 minutes.
HHS February 2026 model, PDF + editable Word. Post on your website and hand out at first exams. $49 one-time — no subscription.
Start your NPP — $49Free watermarked preview available. See sample →