The HIPAA Privacy Rule
HIPAA applies to protected health information. Protected health information is any oral or written information about a patient that relates to the patient's physical or mental condition. HIPAA applies to "covered entities," which are statutorily defined as those entities which receive, use or are exposed to protected, private patient health information. Therefore, dentists' offices are included in HIPAA's reach.
HIPAA Privacy Rule Compliance
HIPAA Security Rule
Pursuant to HIPAA, a covered entity that handles the electronic storage and transmission of patient protected health information must make security efforts. This is known as the HIPAA Security Rule. Under this rule, a provider has to provide HIPAA employee training in the handling of patients' electronic records. In addition, the computer system must be password protected and have backup emergency disaster plans and firewall protection. Therefore, a dental office must take steps to ensure the office complies with this requirement.
HIPAA and Paper Transactions
It is important to note that a dental office may be exempt from HIPAA. If a dentist handles insurance or other business transactions on paper, that transaction is not subject to the privacy rules. However, when the paper is exchanged or input into electronic form at some point, such as where the paper is submitted to an insurer, then the transaction is subject to HIPAA.
In 2006, the final enforcement rule for HIPAA was released. This enforcement rule sets out the procedure for complaints of HIPAA violations and provides for civil monetary penalties that can be assessed for violations of HIPAA. The United States Department of Health and Human Services, in conjunction with other state and/or federal departments, administers the enforcement of HIPAA.