HIPAA Compliance 101

You hear about HIPAA in a lot of different contexts, from many different areas. It can be confusing to understand where exactly HIPAA’s safeguards are active, and what is protected by its regulations. So, first things first, let’s talk about who and what is regulated by HIPAA and, more specifically, how it pertains to patient safety.


Who Is Obligated to Follow HIPAA Laws? 

The organizations, companies, and entities which are required to follow HIPAA regulations are called “covered entities”. 



Covered entities MUST have contracts in place with their business associates to ensure that they use and disclose the health information of their patients properly, and establish the appropriate safeguards. Business associates must also have similar contracts with their subcontractors. They must follow the use and disclosure provisions of their contracts and the Privacy Rule, as well as the safeguard requirement of the Security Rule.


Of course, there are some entities that do not have to follow these laws. This includes life insurers, employers, workers’ compensation carriers, most schools and school districts, many state agencies (such as Child Protective Services and similar agencies), law enforcement agencies, and most municipal offices.


How Do These Regulations Protect Patients? 

HIPAA regulations are specifically designed to protect the patient’s rights to privacy and security when it comes to their medical and personal information. 



Health insurers, providers, and other covered entities must comply with the rights that are owed to patients through HIPAA. You should get to know these important rights, both for your own interests as a patient and for the patients that you will treat in your dental career. Of course, patients can always ask their health insurer or provider more questions about their rights. Understanding these rights better will prepare you to handle that conversation.


Here are some of the rights which are owed to patients due to HIPAA: 


– Patients may ask to see and obtain a copy of their health records. 

– Patients may request to have corrections added to their health information. 

– Patients may receive a notice that informs them of how their health information may be used or shared. 

– Patients may decide if they want to give their permission before their health information can be used or shared for certain purposes, such as for marketing. This means that patients may opt out of this if they desire.

– Patients may request that a covered entity restrict how it uses or discloses their health information. 

– Patients may file a complaint about their provider, health insurer, or other covered entity if they believe that their rights are being denied or that their health information is not properly protected. They can file this complaint with the HHS.