
Do Dentists need to comply with HIPAA?

In April 2018, a dental office in New Jersey, Michael Gruber, DMD, PA, reported that its computers had been hacked and 4624 patient records stolen. The incident now appears on the “Wall of Shame” at the Department of Health and Human Services website. Yes, it can happen to anybody.

Many dentists seem to think either that they do not need to comply with HIPAA (Health Insurance Portability and Accountability Act) or that they are already compliant because they have taken HIPAA training provided by their EHR vendor or by a consultant. While HIPAA training is indeed one of the annual requirements for compliance with HIPAA law, it is certainly not the only requirement.

The breach reported by Michael Gruber, DMD, PA involved the loss or theft of more than 500 patient records, which made it a reportable breach. Dentists, like any other covered entity, are required to comply with the HIPAA breach notification rules, which involve notifying OCR (Office of Civil Rights), the affected patients and, in some cases, the media. This can become an expensive proposition, as legal fees, penalties, media costs, postage costs, forensic investigation costs and other related expenses are incurred during the breach notification and investigation phase.

Once a covered entity becomes the victim of a breach, OCR puts the case under investigation and, more likely than not, conducts an audit of the practice. One of the first documents requested in such a case is a copy of the office’s HIPAA risk assessment or analysis, which should be performed annually. OCR will typically also ask to see your HIPAA policies and procedures. Depending on the outcome of the investigation, OCR, as the enforcement arm of the Department of Health and Human Services, might also decide to impose monetary fines for HIPAA violations. In severe cases of criminal negligence or impropriety, federal agencies such as the FBI, the Department of Homeland Security or the Department of Justice get involved, and there have been cases where a healthcare provider or an employee has been jailed.

Basic requirements for HIPAA compliance for a dental office:

  • Risk Assessment or Analysis:

    Conduct a risk analysis or risk assessment every year.

  • HIPAA Training:

    Train all your employees (including dentists, hygienists, assistants and all administrative/office staff) every year on the HIPAA privacy, security and breach notification rules.

  • Policies and Procedures:

    Create and maintain HIPAA policies and procedures and ensure that employees are familiar with them and follow them regularly.


Get HIPAA Compliant for 2018:

Avoid penalties today. Do not wait until December to get HIPAA compliant. You can either complete all the requirements yourself or hire a qualified consultant to prepare your policies and procedures and conduct your annual HIPAA risk assessment and training. To see the HIPAA compliance services we provide here at 24By7Security, please visit our HIPAA services page.

By Rema Deo.

24By7Security

24By7Security, Inc. is a premier national cybersecurity and compliance consulting firm. We are cybersecurity and compliance specialists with extensive hands-on experience helping businesses build an IT infrastructure that defends against cybersecurity threats.
