News — HIPAA

HIPAA Compliance can save you hundreds of thousands to millions in fines and penalties.  The goalposts for HIPAA compliance change due to new requirements the evolution of case law.  There’s a storm brewing, and you need to listen to this one….It’s gonna cost you.  In recent years healthcare providers have paid through the nose for HIPAA violations. Their greatest liability? People. Yes, people are the biggest threat to privacy and information security. See all it takes is one of employee to open an e-mail, click on a link, or open an attachment they shouldn’t open (and perhaps not even reports it to...

Are you HIPAA compliant? Are you sure? There are situations that you can use or disclose Protected Health Information and you do not need a signed authorization to do so. Patients (or in some cases their caregivers) always have the Right of Access. Next, there are what are known as T-P-O exceptions. They are: TREATMENT – Dental offices can communicate/ coordinate treatment with other healthcare providers for the care of a common patient, dentists can communicate with other healthcare providers regarding a patients, or refer patients to other providers without a written authorization from the patient/caregiver. PAYMENT – Dental offices...

Cyber security threats are continually evolving and they pose a very real and significant threat to dental practices. Ransomware is malicious software that takes over a victim’s hard drive when they click on an infected advertisement, email, attachment, or website and encrypts the contents of a device – and any other connected electronics – which the hacker then demands bitcoin or cryptocurrency payments to unlock. With an adequate data backup, you may be able to recover from a ransomware situation, but you will still have a mess to deal with. The HHS-Office for Civil Rights (OCR) is the federal agency...

There is much to do to comply with all that HIPAA requires. First, consider ‘what’ you have to comply with (Privacy Rule, Security Rule and Breach Notification Rule. The Enforcement Rule prescribes Civil Monetary Penalties and (often) Corrective Action Plans (ongoing government involvement) to remediate violations.   The privacy rule identifies when Protected Health Information (PHI) can be used and disclosed, under what situations use and disclosure requires express authorization. It outlines concepts like the Minimum Necessary principle, which specifies that each member of a Covered Entity’s workforce and Business Associates should only have access to the least amount of...

More practices today are use electronic dental records. There are certainly pros and cons of doing so, which is beyond the scope of this blog post. What is important is that the software used today allows providers to template their notes, which are often necessarily-detailed. The problem with using templates, especially those with pre-populated answers are whether the answers accurately reflect the patient presentation, diagnostic test results (i.e. x-rays), the dentist’s findings/recommendations, and (ultimately) treatments provided. If yes, great! If no, oh no!