Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
HIPAA Notice of Privacy Practices Checklist Template
Customization required. This template is provided for policy operations and counsel review. Replace every
NEXQ-reviewed value, verify every factual statement, and confirm applicability before publication. The template is not legal advice and does not create an attorney-client relationship.
Effective date: September 18, 2024
Last updated: September 18, 2024
Owner: NEXQ privacy, security, and legal operations
Applies to: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
This is a checklist/template aid for covered entities. It is not a complete substitute for a HIPAA Notice of Privacy Practices drafted by healthcare counsel.
Required elements to customize
- Covered entity name and contact information.
- HIPAA Privacy Officer and complaint contact.
- Effective date.
- Uses/disclosures for treatment, payment, and healthcare operations.
- Uses/disclosures requiring authorization.
- Uses/disclosures with opportunity to agree or object.
- Uses/disclosures permitted or required by law.
- Patient rights: access, amendment, accounting, restrictions, confidential communications, paper copy, breach notification.
- Covered entity duties: maintain privacy, provide notice, follow notice terms, notify affected individuals following breach.
- Complaint procedure and no retaliation statement.
- State-specific rights and stricter health privacy rules.
- Substance-use, mental health, reproductive health, HIV/STI, genetic, minor, and sensitive categories where applicable.
Software-specific supplement
The covered entity may use software vendors, cloud providers, business associates, patient portals, telehealth, remote monitoring, AI-assisted documentation, and interoperability tools. The NPP should align with actual operations and BAAs.