News — HIPAA

To be HIPAA compliant Covered Entities (Dental Offices and DSOs) and Business Associates are required to have written policies and procedures, know them, follow them, and enforce them! Sadly this is something ALMOST every dental office fails to comply with. You may have a HIPAA manual, but has it been tailored to your practice setting. Have you and your employees read them, understood them, follow them, abide by them?    When it comes to HIPAA there are some terms you should know. For this post, the term of the day is ‘Workforce’.   Your workforce is your employees, volunteers, trainees, and other persons...

Okay folks – we need to talk about your data backup.   Dental offices, as covered entities, must meet Implementation Standards to get in compliance with the HIPAA security rules. There are two types of implementation standards: required and addressable. Required means it must be done and there is only one right way to do it. Addressable means it must be done, but you have options. However, if you aren’t going to do it, you must document in writing why. Substantiate. Substantiate. Substantiate.   Backing up your data (the act/action) is an addressable implementation standard. You’ve got to do it,...

As you can see from the title, today’s discussion centers on dental claims, which are utilized to seek reimbursement for services rendered.    Under the HIPAA Transactions and Codes Sets Rule, dentists are required to use a designated code set for billing purposes. These codes are the ADA Current Dental Terminology.   Under the HIPAA Unique Identifier Rule, dentists and physicians are required to obtain and use a National Provider Identification (NPI) number for professional purposes, which is like a professional social security number.   The ADA established a uniform claim submission form which is commonly used for claims submission...

On January 9, 2017, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced the first HIPAA enforcement action and settlement based on the late reporting of a breach of unsecured protected health information (PHI). Presence Health, a large Illinois healthcare network, settled potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. The breach involved missing paper-based operating room schedules containing the PHI of 836 individuals. Information included individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia....