News — PHI

HIPAA Compliance can save you hundreds of thousands to millions in fines and penalties.  The goalposts for HIPAA compliance change due to new requirements the evolution of case law.  There’s a storm brewing, and you need to listen to this one….It’s gonna cost you.  In recent years healthcare providers have paid through the nose for HIPAA violations. Their greatest liability? People. Yes, people are the biggest threat to privacy and information security. See all it takes is one of employee to open an e-mail, click on a link, or open an attachment they shouldn’t open (and perhaps not even reports it to...

Are you HIPAA compliant? Are you sure? There are situations that you can use or disclose Protected Health Information and you do not need a signed authorization to do so. Patients (or in some cases their caregivers) always have the Right of Access. Next, there are what are known as T-P-O exceptions. They are: TREATMENT – Dental offices can communicate/ coordinate treatment with other healthcare providers for the care of a common patient, dentists can communicate with other healthcare providers regarding a patients, or refer patients to other providers without a written authorization from the patient/caregiver. PAYMENT – Dental offices...

Cyber security threats are continually evolving and they pose a very real and significant threat to dental practices. Ransomware is malicious software that takes over a victim’s hard drive when they click on an infected advertisement, email, attachment, or website and encrypts the contents of a device – and any other connected electronics – which the hacker then demands bitcoin or cryptocurrency payments to unlock. With an adequate data backup, you may be able to recover from a ransomware situation, but you will still have a mess to deal with. The HHS-Office for Civil Rights (OCR) is the federal agency...

There is much to do to comply with all that HIPAA requires. First, consider ‘what’ you have to comply with (Privacy Rule, Security Rule and Breach Notification Rule. The Enforcement Rule prescribes Civil Monetary Penalties and (often) Corrective Action Plans (ongoing government involvement) to remediate violations.   The privacy rule identifies when Protected Health Information (PHI) can be used and disclosed, under what situations use and disclosure requires express authorization. It outlines concepts like the Minimum Necessary principle, which specifies that each member of a Covered Entity’s workforce and Business Associates should only have access to the least amount of...

To be HIPAA compliant Covered Entities (Dental Offices and DSOs) and Business Associates are required to have written policies and procedures, know them, follow them, and enforce them! Sadly this is something ALMOST every dental office fails to comply with. You may have a HIPAA manual, but has it been tailored to your practice setting. Have you and your employees read them, understood them, follow them, abide by them?    When it comes to HIPAA there are some terms you should know. For this post, the term of the day is ‘Workforce’.   Your workforce is your employees, volunteers, trainees, and other persons...