Dental Records and HIPAA

Due to the widespread use of electronic recordkeeping, the Health Insurance Portability and Accountability Act (HIPAA) is of particular importance to dentists and their practices. According to HIPAA, any dentist who conducts certain transactions in electronic form is known as a “covered entity” and is subject to HIPAA’s rules and regulations.

Under HIPAA, a covered entity must take precautionary measures to protect electronic patient information. Such patient information is referred to as Protected Health Information, which is individually identifiable health information. For example, an individual’s past, present or future dental condition, the provision of dental care given to that individual, or any other information such as a Social Security number or address that identifies the individual are all protected.

In January 2013, US Department of Health and Human Services strengthened and expanded HIPAA, expecting compliance by September 2013. Those amendments impose additional restrictions on the use and disclosure of patient health information for marketing, increases the monetary penalties for violations, and requires authorization from a patient before selling patient health information. Additionally, HIPAA expands patients’ rights with regards to their records. It enables patients to ask for changes in their dental records, request dental providers not to disclose information, and ask that communication be confidential or through alternative means.

In order to comply with HIPAA, a dental practice must perform a risk assessment and develop safety procedures to ensure the confidentiality of a patient’s electronic records. Such procedures consist of privacy personnel and workforce training, notice of privacy practices, policies for restricting access and protecting routine disclosures, and other security requirements.

With regards to the regulation, HIPAA tasks the Office of Civil Rights within the Department of Health and Human services with enforcing its rules and regulations. The Office of Civil Rights has the power to conduct compliance reviews and investigate complaints. Additionally, the department holds the power to issue civil monetary penalties if it concludes that a violation has occurred. In determining the amount of the fine, the department considers the number of individuals affected, the time period during which the violation occurred, whether the violation caused physical, financial, or reputational harm, and a number of other factors.

Overall, HIPAA requires dentists to conform with policies and procedures that require extreme caution with a patient’s records. Thus, it is important for a dental practice to be informed of these procedures and understand how to manage their practice in a way that complies with the law.

By: Wayne Satterfield