HIPAA and Dental Office Procedures

By J.S. Nogara

Dentist offices are subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA was enacted originally to address the electronic transmission of health information. However, in 2001, the privacy rule was created by the Department of Health and Human Services, the entity responsible for monitoring compliance with HIPAA. In addition, HIPAA requires security to be in place in the event that protected health information is disclosed.

The HIPAA Privacy Rule

HIPAA is applicable to protected health information. Protected health information is any oral or written information about a patient that relates to the physical or mental condition of a patient. HIPAA applies to "covered entities," which are statutorily defined as those entities which receive, use or are exposed to protected, private patient health information. Therefore, dentists offices are included in HIPAA's reach.

HIPAA Privacy Rule Compliance

In order to comply with HIPAA, it is necessary for a dental office to take measures to protect the patients' protected health information. One routine dental office procedure to comply with HIPAA includes having patients sign a document which states who can receive their health information. Furthermore, the dental office must create and maintain a HIPAA privacy policy and procedures in order to comply with the privacy rule. In addition, the office usually presents an explanation of the privacy policies and procedures for the patients' review and acknowledgement.

HIPAA Security Rule

Pursuant to HIPAA, there must be security efforts by a covered entity which handles the electronic storage and transmission of patient protected health information. This is known as the HIPAA security rule. Under this rule, a provider has to provide HIPAA employee training in the handling of patients' electronic records. In addition, the computer system must be password protected, contain back up emergency disaster plans and firewall protection. Therefore, a dental office must take steps to ensure the office complies with this requirement.

HIPAA and Paper Transactions

It is important to note that a dental office may possibly be exempt from HIPAA. If a dentist handles insurance or other business transactions on paper, that transaction is not subject to the privacy rules. However, when the paper is exchanged or input into electronic form at some point, such as where the paper is submitted to an insurer, then the transaction is subject to HIPAA.

HIPAA Enforcement

In 2006, the final enforcement rule for HIPAA was released. This enforcement rule indicates the procedure for complaints of HIPAA violations and provides for civil monetary penalties that can be assessed for violations of HIPAA. The United States Department of Health and Human Services, in conjunction with other state and/or federal departments administer the enforcement of HIPAA.

About the Author

J.S. Nogara began writing in 2000, publishing in legal texts, newspapers, newsletters and on various websites. Her credits include updating "New York Practice Guides: Negligence." She is a licensed attorney admitted to the New York State courts and the Federal Court, Southern District in New York. She has a B.S. from the University of Connecticut, a J.D. and an LL.M. degree.