Model Notices of Privacy Practices

The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice that provides a clear, user friendly explanation of individuals’ rights with respect to their personal health information and the privacy practices of health plans and health care providers.

As of February 16, 2026, these HIPAA covered entities are required to include information about substance use disorder (SUD) patient records (described in 42 U.S.C. 290dd-2(a) and 42 CFR part 2 (“Part 2”)) in their notice of privacy practices (NPP). Additionally, federally assisted SUD treatment programs are required to provide a new patient notice by February 16, 2026, that is aligned more closely with the HIPAA NPP. This page provides options for meeting the requirement to create HIPAA NPPs and Part 2 patient notices.

Find more information about the:

Model Notice Templates

HHS developed these model notices to help improve patient experience and understanding and to assist health care entities to meet new requirements. The models reflect the regulatory changes of the 2024 Part 2 Final Rule and the Part 2-related provisions of the 2024 HIPAA Privacy Rule Final Rule. Regulated entities may use these models by entering their specific information.

Revised February 2026 Model Notices of Privacy Practices (NPPs)

Part 2 programs that are also covered entities under HIPAA are allowed to create a combined notice that meets the requirements of both the HIPAA NPP and the Part 2 Privacy Notice.

Covered entities and Part 2 programs must:

  • make their notices available to any person who asks for it.
  • must prominently post and make available their notices on any web site they maintain that provides information about their customer services or benefits.

*The OCR notices of privacy practices are still undergoing Section 508 conformance changes. If you need assistance, please reach out to OCRPrivacy@hhs.gov.

Content created by Office for Civil Rights (OCR)
Content last reviewed