Do Dentists Have To Comply With HIPAA?


HIPAA is a federal law in the U.S. that aims to protect patients’ medical records. When you hear “medical records,” you naturally think of organizations such as hospitals that store, transmit, maintain, or create protected health information (PHI). A lot of dentists, however, ask the question: “Is my practice covered under HIPAA?”

Are Dentists HIPAA Covered Entities?

The answer is yes: dental practices also have to follow the HIPAA Rules. However, not all individual dentists are HIPAA-covered entities. A dentist who is employed by a dental firm is not considered a covered entity; the firm is the covered entity in that case. The dentist is then expected to comply with the HIPAA Rules to the extent that the firm maintains HIPAA compliance policies and procedures governing the permissible use and disclosure of PHI.

At the other end of the spectrum, individuals running their own dental practices are HIPAA-covered entities if they transmit patient healthcare data electronically for billing. They are considered covered entities even if they use a third-party clearinghouse to submit claims on their behalf.

This leaves a gray area for dentists who fall between the two ends of the spectrum. Small dental practices should seek advice about whether they are covered by HIPAA. Even if they do not find a concrete answer, it is always best to follow the HIPAA guidelines as a security best practice.

HIPAA Compliance for Dentists

Like any other HIPAA-covered healthcare organization, dentists and dental firms have to comply with the HIPAA Privacy, Security, and Breach Notification Rules. The Rules cover how healthcare providers, including dental practices, should create, store, use, and share patient healthcare and payment-related data. The Rules also describe the circumstances under which PHI can be disclosed without the patient’s permission.

For a very large dental firm, it is advisable to appoint a HIPAA compliance officer, although this is not mandatory. The individual dentist or an existing employee can also serve as the compliance officer. Many smaller practices and individual practitioners also use HIPAA compliance management applications to streamline their efforts. The general responsibilities of a compliance officer include:

- Performing risk assessments to identify potential gaps in existing policies and procedures that could lead to PHI being compromised.
- Conducting risk analyses to determine the appropriate way to address the identified gaps and protect patient data.
- Applying measures, for example changes to working practices and technological safeguards, to better protect patient data.
- Creating policies and procedures that support the implementation of HIPAA compliance measures, along with disciplinary policies for failure to comply with those policies and procedures.
- Training employees on the HIPAA policies and procedures, the importance of the law, and how best to handle patient data.
- Conducting comprehensive appraisals of any third-party service providers, also known as business associates, with whom patient data is shared, and reviewing whether all the required business associate agreements (BAAs) are in place.
- Ensuring that a contingency plan is in place to minimize business disruption and potential penalties for non-compliance in the event of a breach.

What about dental practices?

As mentioned earlier, large dental firms should appoint a compliance officer, as they are more likely to be targeted by cybercriminals and are vulnerable to patient data breaches. It should also be noted that HIPAA compliance for dental practices is not dissimilar to the compliance requirements for individual dentists. In any case, dental practices should pay attention to their cybersecurity and to their agreements with their business associates.

To conclude

HIPAA compliance does not always have to be complicated and arduous. But complying with HIPAA is important, because otherwise organizations could face hefty fines ranging from $10,000 to $1.5 million. Many organizations also use HIPAA compliance software and training tools to streamline their efforts. If you want to use one, make sure to do your research and adopt a solution that incorporates all the modules necessary to ensure compliance.

Author Bio: Riyan N. Alam is a digital marketing analyst at CloudApper, a supplier of mobile ERP solutions, including HIPAA compliance software, facility management software, and many more. Combining his passion for reading books, he writes about subjects valuable to people and their daily lives. Riyan loves traveling and trading in his free time. 


Posted - 04/29/2021