We are an online dental health service company that also provides amazing products. We follow the HIPAA guidelines and protect confidential customer information in accordance with them. Updated: 12/2/2020
Below are the recommended guidelines:
Although many dental offices are self-contained entities, the HIPAA rules for dentists apply to any dental office that may send claims, eligibility requests, pre-determinations, claim status inquiries, or treatment authorization requests electronically.
If a dental office transmits any of the above transactions directly to a payer or uses the services of a business associate – who has access to individually identifiable health information – the HIPAA regulations for dental offices also apply and must be adhered to.
Furthermore, policies must be developed to instruct dental office employees on procedures for the use, disclosure, and safeguarding of the PHI – not only to patients and colleagues but also to business associates and third-party service providers.
The HIPAA Rule for Dentists consists of the Privacy Rule (2003), Security Rule (2005), and Breach Notification Rule (2009). Dentists and Dental Offices should also ensure they are familiar with any relevant changes to these Rules enacted in the HITECH Act (2009) and Final Omnibus Rule (2013). The key areas of the HIPAA Privacy Rule for dentists are:
Information about all these elements of the HIPAA Privacy Rule for Dentists, plus details about signing Business Associate Agreements with any non-employee who has authorized access to patients' records, can be found in our HIPAA Compliance Guide – a comprehensive guide to the HIPAA rules for dentists, which includes an explanation of the Breach Notification Rule, and the updates to the HIPAA Privacy and Security Rules enacted in the HITECH Act and Final Omnibus Rule.
The HIPAA Security Rule is primarily comprised of three sets of “requirements” – technical requirements, physical requirements, and administrative requirements. The technical requirements cover how patient information should be communicated electronically (for example email is not allowed, nor is SMS or Skype).
The technical requirements also detail the processes and controls that have to be implemented in order to protect PHI when it is at rest or in transit.
The physical HIPAA regulations for dental offices concern the security of computer systems and the environment in which the computer systems are situated. Responsibilities included in the physical HIPAA regulations for dental offices include establishing a facility security plan and a contingency plan in the event of an emergency, and implementing validation procedures to restrict physical access to PHI stored on the computer systems.
The administrative HIPAA rules for dentists require that system administrators are appointed to select and implement a compliant communications system. Administrators are also responsible for developing “best practice” policies, training dental office employees on the use of the compliant communication system, and monitoring activity on the system. Administrators are also responsible for ensuring HIPAA compliance by Business Associates.
Whereas meeting the Business Associate, privacy, and breach notification HIPAA regulations for dental offices can be achieved without too many issues, complying with the HIPAA Security Rule can present a headache for many dental offices. A solution to the HIPAA Security Rule is to implement a system of secure messaging.
Unlike email, SMS, or Skype, secure messaging is conducted within a private network only accessible by authorized users. The authorized users can access patient data and communicate it with other authorized users only after they log in to secure messaging apps which require user authentication via a unique centrally-issued username and password.
All patient data is encrypted at rest and in transit, so it is perfectly safe to send text messages, share images or conduct video calls over public Wi-Fi services via a mobile device. The secure messaging apps can also be used on desktop computers, and a time-out feature automatically logs users out of the network when a computer or mobile device is unattended, to prevent unauthorized access to patient data.
In addition to safeguards that prevent patient data from being saved to an external hard drive, copied and pasted, or forwarded outside of the dental practice's private network, the messaging platform through which all communications travel monitors activity on the network. Administrators can ensure that secure messaging policies are being adhered to, or PIN-lock an app if the device it is downloaded onto is lost, stolen, or disposed of.
Secure messaging solutions were originally developed to enable HIPAA-covered entities to comply with the industry regulations for privacy and security. However, a series of efficiency-increasing and cost-reducing benefits have resulted from the implementation of secure messaging solutions – many of which will be applicable in a dental office environment:
These features and benefits ensure that secure messages are transmitted to the correct recipient, reduce the time and money that may be wasted between sending messages and receiving replies, and protect the integrity of patient data in compliance with the HIPAA rules for dentists.
The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
The Privacy Rule standards address the use and disclosure of individuals' health information (called "protected health information") by organizations subject to the Privacy Rule (called "covered entities"), as well as standards for individuals' privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights ("OCR") has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.
Tod C Anderson DDS, 9520 Soquel Dr, Aptos, California 95003, United States