HIPAA FOR THE DENTAL PRACTICE

Catherine C. Cownie
E-mail: cownie@brownwinick.com
Telephone: 515-242-2490

Adam J. Freed
E-mail: freed@brownwnick.com
Telephone: 515-242-2402

BrownWinick Law Firm
666 Grand Avenue, Suite 2000
Des Moines, IA 50309-2510
Website: www.brownwinick.com

Questions to Ask About Your Practice

- When was the last time you completed a HIPAA risk assessment?
- Do you have a written HIPAA compliance plan?
- If you have a compliance plan, when was the last time you reviewed it?
- When was the last time you provided training to your employees regarding HIPAA?
- Other than your employees, who has access to your patients' dental records?
- Who is your Privacy Officer?
- Who is your Security Officer?

Applicable Laws

- Rules of the Iowa Dental Board
- HIPAA
- Other Laws Applicable to Specific Categories of Information
  - Substance Abuse
  - Mental Health
  - HIV/AIDS
  - Employment

Iowa Dental Board Rules 27.11(2) Retention of records.

A dentist shall maintain a patient's dental record for a minimum of six years after the date of last examination, prescription, or treatment. Records for minors shall be maintained for a minimum of either (a) one year after the patient reaches the age of majority (18), or (b) six years, whichever is longer. Study models and casts shall be maintained for six years after the date of completion of treatment. Alternatively, one year after completion of treatment, study models and casts may be provided to the patient for retention. Proper safeguards shall be maintained to ensure safety of records from destructive elements.

Iowa Dental Board Rules 27.11(3) Electronic record keeping.

The requirements of this rule apply to electronic records as well as to records kept by any other means. When electronic records are kept, a dentist shall keep either a duplicate hard copy record or use an unalterable electronic record.

Iowa Dental Board Rules 27.11(5) Confidentiality and transfer of records.

Dentists shall preserve the confidentiality of patient records in a manner consistent with the protection of the welfare of the patient. Upon request of the patient or patient's legal guardian, the dentist shall furnish the dental records or copies or summaries of the records, including dental radiographs or copies of the radiographs that are of diagnostic quality, as will be beneficial for the future treatment of that patient. The dentist may charge a nominal fee for duplication of records, but may not refuse to transfer records for nonpayment of any fees.

HIPAA and HITECH

- Health Insurance Portability and Accountability Act
- Health Information Technology for Economic and Clinical Health Act

HIPAA Applies to Protected Health Information

Protected Health Information includes any information that identifies a patient, regardless of whether the information seems private or sensitive.

PHI Includes Dental Records Maintained Pursuant to Iowa Dental Board Rules

The rules of the Iowa Dental Board require the following in dental records:

- Name, date of birth, address and, if a minor, name of parent or guardian.
- Name and telephone number of emergency contact.
- The patient's dental and medical history.
- When a patient presents with a chief complaint, dental records shall include the patient's stated oral health care reasons for visiting the dentist.

PHI Includes Dental Records Maintained Pursuant to Iowa Dental Board Rules (cont.)

The rules of the Iowa Dental Board require the following in dental records (cont.):

- Chronological dates and descriptions of the following:
  - Clinical examination findings, tests conducted, and a summary of all pertinent diagnoses;
  - Plan of intended treatment and treatment sequence;
  - Services rendered and any treatment complications;
  - All radiographs, study models, and periodontal charting, if applicable;
  - Name, quantity, and strength of all drugs dispensed, administered, or prescribed; and
  - Name of dentist, dental hygienist, or any other auxiliary, who performs any treatment or service or who may have contact with a patient regarding the patient's dental health.
- Documentation of informed consent.

Who Must Comply with HIPAA?

Covered Entities

- Health plans
- Health care clearinghouses
- Health care providers who transmit health information in electronic form

Business Associates

- A person who creates, receives, maintains, or transmits protected health information on behalf of a covered entity
- NOT a member of the covered entity's workforce

Likely Business Associates of Your Dental Practice

- Electronic dental record provider
- Information technology support provider
- Claims processor
- Third-party billing company
- Law firm
- Accounting firm
- Document shredding company

Business Associates Now Include Subcontractors of Your Business Associates

A business associate includes a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of the business associate.

Who Must Comply with HIPAA? (cont.)

[Diagram with the labels: Covered Entity; Dental Plan; Dentist; Patient; Workforce Members; Employees; Business Associates; Lawyer, Accountant, Billing Co.; Subcontractor Business Associates; Lawyer's IT Provider]

What Documentation Should a Dental Practice Request from its Business Associates?

A business associate must provide satisfactory assurances that it will appropriately safeguard the protected health information. The Business Associate provides the satisfactory assurances in a Business Associate Agreement.

Dental Labs

In March 2017, the Office for Civil Rights confirmed that dentists are not required to have a Business Associate Agreement with their dental laboratory when disclosing PHI for treatment purposes.

http://www.ada.org/en/publications/ada-news/2017-archive/march/ocr-responds-toquestion-about-dental-labs-business-associate-agreements

So I'm Subject to HIPAA. Now What Do I Do?

HIPAA requires covered entities and business associates to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information.

STEP 1: Conduct a Risk Assessment

HIPAA requires covered entities and business associates to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate. The risk assessment must be prepared in writing.

STEP 1: Conduct a Risk Assessment (cont.)

Possible Vulnerabilities (not an exhaustive list):

- No off-site back-up of electronic PHI
- Lack of a Business Associate Agreement with one or more business associates
- Protected health information stored in unencrypted format
- Insufficient user access controls to computer systems containing PHI
- Passwords taped to the side of monitors
- Storage of PHI on portable devices that could be lost or stolen
- Routine discussion of care with patients in area where other patients are present (such as the waiting room)
- Former employees have keys to the office or building
- Outdated anti-virus software

STEP 2: Correct Any Deficiencies Identified

- If your risk assessment identifies any risks, determine what steps are necessary to eliminate or minimize the risk.
- Document the steps you take to eliminate or minimize the risk.

STEP 3: Develop Written Policies and Procedures

Establish protocols for your administrative, physical, and technical safeguards, such as the following:

- How often and where electronic PHI is backed up
- Password content requirements and how often they must be changed
- Which workforce members have keys to the office
- When and how training is provided to new and current workforce members
- Termination of access to PHI by former employees
- Restrictions on use of portable devices for electronic PHI
- Use of antivirus software

STEP 3: Develop Written Policies and Procedures (cont.)

- Specify processes for complying with your patients' rights under HIPAA, including their rights to
  - Access their PHI
  - Amend their PHI
  - Obtain a list of disclosures of their PHI
- Establish a procedure to follow if you are unable to access your electronic PHI
- Establish a procedure to follow in the event of a breach of electronic PHI
- Establish a sanction policy for employees who fail to comply with the policies and procedures

STEP 4: Train Your Workforce on the Policies and Procedures

- Provide initial training to all employees upon adoption of the policy
- Include HIPAA training in the orientation for new employees
- Periodically hold refresher courses for current employees
- Periodically send out reminders to employees

STEP 5: Monitor Compliance with Policies and Procedures and Revise as Necessary

HIPAA Compliance is an Ongoing Process

[Diagram labels: Risk Assessment; Correct Deficiencies; Implement Procedures; Train Workforce; Monitor Compliance]

HIPAA Example

[Insert Video]

HIPAA Issues Identified in the Example

- Elaine could have simply requested a copy of her medical record from her physician.
- Physician reviewing x-ray image in plain view of everyone in the lobby.
- "Fake Erase": The rules of the Iowa Dental Board do not permit erasures or white-outs in dental records. Changes can only be made by drawing a single line through the incorrect information and initialing the change.

Consequences of Failing to Comply with HIPAA and HITECH

- Discipline by Iowa Dental Board
- Must report breaches of PHI to HHS Office of Civil Rights
- Must report major breaches of PHI to local news media
- Civil penalties of $100 up to $50,000 per violation depending on severity
- Criminal penalties of up to 10 years in prison for intentional violations
- State Attorneys General can enforce HIPAA
- Damage to reputation and loss of confidence among patients

Recent Examples of HIPAA Breaches

June 29, 2016

Website: www.brownwinick.com
Toll Free Phone Number: 1-888-282-3515

OFFICE LOCATIONS:

666 Grand Avenue, Suite 2000
Des Moines, Iowa 50309-2510
Telephone: (515) 242-2400
Facsimile: (515) 283-0231

616 Franklin Place
Pella, Iowa 50219
Telephone: (641) 628-4513
Facsimile: (641) 628-8494

DISCLAIMER: No oral or written statement made by BrownWinick attorneys should be interpreted by the recipient as suggesting a need to obtain legal counsel from BrownWinick or any other firm, nor as suggesting a need to take legal action. Do not attempt to solve individual problems upon the basis of general information provided by any BrownWinick attorney, as slight changes in fact situations may cause a material change in legal result.