Notice Of Privacy Policies (NOPP)

  • Responsible Office: Privacy Office of HopeQure
    Responsible Official: Privacy Officer
  • Effective Date: Jan 20, 2020
    Last Revision: Jan 25, 2020


This policy applies to employees, contractors, consultants, temporaries, and other workers at HopeQure, including all personnel affiliated with third parties.
HopeQure has designated the Privacy and Security Officials as the officials responsible for the Development and implementation of the security/confidentiality policies and procedures. The Privacy Official (CPO) will report significant violations and compiled data to the Compliance Integrity Committee. The Privacy and Security Officials coordinate with appropriate departmental managers to ensure proper implementation of security measures, training programs and privacy rules.

Policy Statement

The HIPAA Policies, Procedures, Standards & Guidelines Booklet establish the organizational security policy for HopeQure. HopeQure is committed to managing business risk and ensuring an environment, which protects HopeQure information and information resources from accidental or intentional unauthorized use, modification, disclosure, or destruction. Adherence to HopeQure information security policies is necessary to achieve organizational security objectives of safeguarding the confidentiality, integrity, and availability of HopeQure information and information assets. To establish and implement policies and procedures for responding to an emergency or other occurrence (e.g., fire, vandalism, system failure, natural disaster) that damages systems that contain ePHI. Practice is committed to maintaining formal practices for responding to an emergency or other occurrence that damages systems containing ePHI. Practice shall continually assess potential risks and vulnerabilities to protect health information in its possession, and develop, implement, and maintain appropriate administrative, physical, and technical security measures in accordance with the HIPAA Security Rule. This document lays down the basing foundation for HIPPA implementation in HopeQure.


The intent of the HIPAA Policies, Procedures, Standards & Guidelines is to:
1.   Establish an information policy management and governance structure applicable across HopeQure.
2.   Address all the requirements of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
3.   Comply with applicable regulatory requirements.
4.  Ensure employee, contractor, and business partner understanding and acceptance of organizational requirements for   protecting HopeQure information resources.
5.  Protect customer and employee information from unauthorized use, disclosure, modification, or destruction.
6.  Clarify management, employee, and external business associate responsibilities and duties with respect to the protection of information resources.
7.   Standardize security controls across the enterprise and coordinate the security efforts throughout HopeQure.
8.  Enable management, employees, and external business employees to make information security decisions in accordance with approved information security policies.

(See HIPAA Glossary for complete list of terms)


Covered Entity A health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with transactions covered by the HIPAA Privacy Rule.

Designated Record Set: Medical, Clinical and billing records about an individual maintained or used individual’s treatment, appointment booking and decision making. This record set is subject to an individual’s right to request access and amendment.

Disclosure: Release, transfer, provisions of, access to, or divulgence in any manner of information outside the entity holding the information.
ePHI  is any information which is electronically Protected Health Information and is stored, accessed, transmitted or received electronically.

HIPAA Breach Unauthorized acquisition, access, use, or disclosure of unsecured PHI.

Personnel files Any information related to the hiring and/or employment of any individual who is or was employed by the Practice.

Protected Health Information or PHI, : It is known as “individually identifiable information”, as used in these policies is defined as a subset (record or transmission) of health information, including demographic information collected from an individual. It is created or received by a health care provider ( HopeQure), health plan, employer, or health care clearing house. It relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. Additionally, the information identifies the individual; or can be used to identify the individual or the past, present or future payment of health care to an individual.
Data is used to identify an individual if it contains either the name of the patient or any other data that could be taken together or used with other information in order to ascertain the dentity of  an individual (For example: date of birth, medical records number, address, phone number, email address, IP address, license numbers, photograph).

Workforce member employees, volunteers, and other persons whose conduct, in the performance of work for HopeQure, is under the direct control of such entity, whether or not they are paid by HopeQure. This includes full and part time employees, affiliates, associates, volunteers, and staff from third party entities who provide service to HopeQure.

(See HIPAA Glossary for complete list of terms)

Roles and Responsibilities

This policy is applicable to all divisions and workforce members that use or disclose electronic protected health information for any purposes. This policy’s scope includes all electronic protected health information, as described in definitions below.

  • Chief Privacy Officer (CPO) is responsible for monitoring and enforcement of this policy. Be responsible for developing, implementing, and maintaining Practice policies and procedures regarding the privacy of PHI consistent with legal requirements, including state laws applicable to the Practice.
  • Chief Information Security Officer (CISO) / Chief Technical Officer (CTO) is responsible for the overall application of the Information Security policies.

  • Security Incident Response Team (SIRT) Individuals needed and responsible to respond to a security incident and assesses the validity of the information and determines if the issue is a precursor, indication, event, or security incident.

  • HIPAA Security

    Regulatory Category: Technical Safeguards
    Regulatory Type: Required Implementation Specification for Access Control Standard
    Regulatory Reference: 45 CFR 164.312(a)(2)(ii)
    Rule Language: English

    HopeQure is committed to maintaining and protecting the confidentiality of the individual’s PHI. HopeQure is required by federal and state law, including the Act HIPAA, to protect the individual’s PHI and other personal information. HopeQure is required to provide the individual with this Notice of Privacy Practices about HopeQure policies, safeguards, and practices.


    For Details regarding HIPAA Compliance and Information Security, Contact Chief Privacy Officer and Chief Information Security Officer at , 0120-4108931.

    HopeQure presents the Notice Of Privacy Policies NOPP at HopeQure HIPAA page to all users upon first session and stores the acknowledgement in the records. An electronic copy of the NOPP is provided to the user upon request.