As many of you now know, there have been some recent changes to HIPAA’s Privacy Rule for dental offices. Some of the HIPAA Amendments will directly affect what you have already done to comply with the HIPAA Privacy and Security Rule. It is important to note that these rules and regulations are now in effect and you must be in compliance with them.
There are 3 main areas of the new HIPAA regulations where dental offices need to be concerned.
#1 HIPAA regulation change – Notice of Privacy Practices
The Notice of Privacy Practices is a single document explaining and outlining your patient privacy program. You must include a signed copy of this in each patient file. Please keep in mind that you are only required to give a copy of your new Notice of Privacy Practices to new patients and to obtain a good faith acknowledgment of receipt from them. For existing patients, starting Sept. 23, 2013, you need to have posted the new Notice of Privacy Practices in a clear and prominent location in your office as well as on your dental website, if you have one.
#2 HIPAA regulation change – Breach Notification Rule
The HIPAA Amendments clarify that a “breach” is any impermissible use or disclosure of protected health information unless it can be shown that there is a low probability that the impermissibly used or disclosed protected health information has been actually compromised. In all situations where you cannot demonstrate such a low probability that protected health information has actually been compromised, the breach notification rules must be complied with.
In determining whether the risk is sufficiently low, you must conduct a risk assessment that considers at least the following factors: the nature and extent of the protected health information involved; the identity of the person who used the protected health information and those to whom the disclosure was made; whether the protected health information was actually acquired or reviewed; and the extent to which the risk to the protected health information has been mitigated.
If you have questions or concerns about what constitutes a breach or whether or not your assessment is sufficient, feel free to call to speak with a specialist today: 800.522.0800
#3 HIPAA regulation change – Business Associates
Business associates are now directly liable for compliance with the HIPAA Privacy Rule and Security Rule. The HIPAA Amendments contain a number of modifications to implement the provisions of the HITECH Act. For example, business associates must comply, when applicable, with the Security Rule with respect to safeguarding electronic protected health information and report security breaches.
SmartPractice HIPAA Business Associate forms and labels make it easy to properly notify your business associates – referring physicians, labs, hospitals and pharmacies – of their responsibilities in handling your patients’ health information.