There has been confusion as to whether the Affordable Care Act’s nondiscrimination provision (“ACA”) affects a covered entity’s notice of privacy practices (“NPP”) or data breach notifications. OCR has issued guidance indicating that ACA does indeed impact NPPs. Moreover, breach notifications also likely are affected.
Accordingly, if they have not already done so, covered entities should consider updating their NPPs to include the required nondiscrimination language and “taglines” in different languages. Covered entities also should address their breach notification policies, procedures, templates, processes, and checklists so that any required ACA language and taglines are included in any breach notifications going to individuals.