Although many dental offices are self-contained entities, the HIPAA rules for dentists apply to any dental office that may send claims, eligibility requests, pre-determinations, claim status inquiries or treatment authorization requests electronically.
Furthermore, policies must be developed to instruct dental office employees on procedures for the use, disclosure and safeguarding of the PHI – not only to patients and colleagues, but also to business associates and third-party service providers.
Our HIPAA Policy binder is readily available for all patients to review.
The HIPAA Rule for Dentists consists of the Privacy Rule (2003), Security Rule (2005) and Breach Notification Rule (2009). Dentists and Dental Offices should also ensure they are familiar with any relevant changes to these Rules enacted in the HITECH Act (2009) and Final Omnibus Rule (2013).
The key areas of the HIPAA Privacy Rule for dentists are:
· The personal identifiers considered to be Protected Health Information.
· The permissible uses and disclosures of Protected Health Information.
· Safeguards to implement to protect the privacy of patient health information.
· An explanation of the Minimum Information Necessary rule.
· Restrictions on the use of Protected Health Information for marketing.
· Patient access to medical information and notice of privacy practices.
HIPAA does not completely prohibit using emails and texts to communicate with patients or other providers about patients, but HIPAA does require dentists to use security measures when doing so, such as encryption or secure messaging platforms. Alternatively, dentists must obtain consent from patients to send protected information via unsecured email.
A crucial step in maintaining HIPAA compliance is performing a thorough Security Risk Assessment.
This is not a one-and-done analysis. It is performed regularly by an independent third party. Additionally, we have a corresponding risk management plan in place to fix any compliance issues or vulnerabilities discovered.
As advised, we use a professional HIPAA compliance software through a third party to complete this self-assessment for the office. The process not only completes the analysis, but it also provides plans to remediate any compliance holes it finds.
After a successful SRA, we display this accomplishment on our website so visitors are assured our organization complies with HIPAA Security for their personal and protected health information. We use SecureTrust, a division of Trustwave.
Copyright © 2020 Larry R. Goldstein, D.D.S., P.C. - All Rights Reserved.
Updated Regularly by E.M. @ Damesanddaces, Inc.