# HIPAA Notice of Privacy Practices Checklist Template

> **Customization required.** This template is provided for policy operations and counsel review. Replace every `NEXQ-reviewed value`, verify every factual statement, and confirm applicability before publication. The template is not legal advice and does not create an attorney-client relationship.

**Effective date:** September 18, 2024  
**Last updated:** September 18, 2024  
**Owner:** NEXQ privacy, security, and legal operations  
**Applies to:** NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services

This is a checklist/template aid for covered entities. It is not a complete substitute for a HIPAA Notice of Privacy Practices drafted by healthcare counsel.

## Required elements to customize
- Covered entity name and contact information.
- HIPAA Privacy Officer and complaint contact.
- Effective date.
- Uses/disclosures for treatment, payment, and healthcare operations.
- Uses/disclosures requiring authorization.
- Uses/disclosures with opportunity to agree or object.
- Uses/disclosures permitted or required by law.
- Patient rights: access, amendment, accounting, restrictions, confidential communications, paper copy, breach notification.
- Covered entity duties: maintain privacy, provide notice, follow notice terms, notify affected individuals following breach.
- Complaint procedure and no retaliation statement.
- State-specific rights and stricter health privacy rules.
- Substance-use, mental health, reproductive health, HIV/STI, genetic, minor, and sensitive categories where applicable.

## Software-specific supplement
The covered entity may use software vendors, cloud providers, business associates, patient portals, telehealth, remote monitoring, AI-assisted documentation, and interoperability tools. The NPP should align with actual operations and BAAs.
