The Big Brush Blog | Treloar & Heisel Insurance Products for Dental Professionals

How You Can Review HIPAA Compliance in Your Dental Office

Written by Amy Carbone | Sep 30, 2020 1:00:00 PM

The Health Insurance Portability and Accountability Act (HIPAA) is a complex body of federal rules designed to protect the privacy and security of patients' health information. 

Since it was first enacted in 1996, it has been revised several times to address the security of electronic records and to encourage the healthcare industry to convert patients' medical records to electronic systems, so that providers can maintain and exchange information more efficiently.

HIPAA compliance is likely to apply to any practice that sends claims, eligibility requests, and other inquiries electronically. Even offices that still keep paper charts may need to review how they store and dispose of those records. 

Lapses in compliance may lead to serious fines and legal action. For that reason alone, dental HIPAA compliance is one thing you can't afford to get wrong, so make sure to review all HIPAA compliance and privacy topics with licensed legal counsel.

HIPAA Compliance and Practice Ownership

As a practitioner and owner, you should review HIPAA compliance for both yourself and your practice whenever patient-sensitive information is transmitted digitally or handed to third parties. 

Even if you never send information out of the office, the electronic systems that store it can be breached, which can expose sensitive patient information.

So if you own a practice, you should review with legal counsel to determine what is required to be HIPAA compliant.

HIPAA Compliance as an Associate Dentist

If you're an employee, you can look to the practice owner and office manager for guidance on HIPAA issues, to see if they have implemented relevant policies. Otherwise, you can always consult a legal professional.

Dental practices often have policies and procedures in place that are intended to comply with HIPAA and similar rules. Those policies and procedures should cover staff who encountered HIPAA in their professional education, like associate dentists and hygienists, as well as office staff who may not have had that training, like receptionists.

That’s why you may encounter HIPAA training as part of your general onboarding when you first come to work at a dental practice. You may also receive periodic retraining to keep you aware of the office's policies and procedures for HIPAA compliance. 

Who Needs to Know about HIPAA?

The entire office may need to be aware of HIPAA policies and procedures. Without clear awareness, members of the staff could violate compliance without even realizing it.

Slip-ups may have costly consequences, and that's why you may consider providing your staff with periodic retraining to keep the office policies and procedures fresh in their memory.

Patient Information Security

You may need to consider how patient information is secured and encrypted both where it is stored and when it is transmitted, in any medium. That includes sensitive information sent by SMS and email: neither plain text messaging nor ordinary email protects message contents end to end, so sending patient information over them generally calls for a secure messaging or encrypted email service. 

Dentists also may need to review whether other everyday uses of patient information are appropriate, such as emailing themselves a patient file to look at something at home later, since that copy leaves the practice's controlled systems.

Encryption or a secured platform is the expected way to send patient files. You may have to engage a third-party vendor for encryption or secure messaging; a vendor that handles patient information on your behalf is a business associate under HIPAA and should sign a business associate agreement. To see how secure your systems actually are, conduct periodic risk assessments (which the HIPAA Security Rule requires) and, where appropriate, penetration testing. 

Although there is no such thing as a "HIPAA compliant" operating system, you do want to make sure that your operating system is still supported, meaning the vendor still provides periodic security patches. An operating system that has reached end of life stops receiving fixes for newly discovered vulnerabilities.

How Much Does HIPAA Compliance Cost for Dentists?

Nationwide, the cost of HIPAA compliance is $8.3 billion a year, with an average cost to each individual provider somewhere in the neighborhood of $35,000. The cost of compliance varies for each practice, but a violation may cost far more in expenses, reputation, and your career.

Digital and Physical Transmissions

With many practices moving to all-digital files, and with increased awareness of cyberattacks, many practices focus on digital transmission of patient information. However, dental practices also need to review their security policies and procedures for physical files.

Dental practices also need to review their file disposal practices to determine if they are compliant. Disposal may seem easy, but discarded paper records and storage media still carry risk unless they are rendered unreadable, for example by shredding paper and securely wiping or destroying drives.

What Are the Penalties for HIPAA Violations?

Civil fines for HIPAA violations follow a tiered structure, ranging from $100 to a maximum of $50,000 per violation. The tier depends on the level of culpability, from violations the practice could not reasonably have known about to willful neglect that goes uncorrected. 

If your practice is selected for an audit, the discovery of a violation could of course lead to further investigation and other actions. If you are audited, you may want to contact a legal professional for guidance.

What Do You Do Once You’re Compliant?

Once you've reviewed with your legal counsel and you’re compliant with HIPAA regulations, what do you do next? 

For many dentists, the answer is simple: Grow

Learn ways to try to help grow your dental patient list with our free ebook.

Treloar & Heisel and Treloar & Heisel Property and Casualty are divisions of Treloar & Heisel, LLC.

Insurance products are offered through Treloar & Heisel, LLC.

This content is intended for general informational purposes only and is not to be construed as advice. Treloar & Heisel, LLC. and its divisions do not offer legal or IT advice. Please consult with a professional concerning these topics.

20-082