In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted, with the primary purpose to protect the privacy and security of personal health information (PHI) and ensuring that it is confidential and handled with integrity. HIPAA applies to covered entities, including healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically. HIPAA also applies to business associates who perform functions or services on behalf of the covered entities and handle PHI.
HIPAA is enforced by the HHS (Department of Health and Human Services), a US federal agency that is responsible for administering and enforcing various healthcare-related regulations and laws. HHS oversees the implementation and enforcement of HIPAA regulations.
Under HIPAA, covered entities and business associates must implement administrative, physical, and technical safeguards to protect PHI from unauthorized access, use, or disclosure. HIPAA also grants patients certain rights, which include the right to access and obtain copies of their PHI, the right to request corrections to their PHI, and the right to file a complaint if they believe that their rights have been violated. HIPAA violations result in significant penalties, including fines and even criminal charges.
There are many facets to HIPAA, which we will cover in great length in this compliance course. There are two main rules that you should understand before delving deeper, however, and we’ll go over these now. These are called the Privacy Rule, and the Security Rule.
Dental practices are considered covered entities under HIPAA if they transmit patient health information electronically, such as through electronic health records (EHRs), or email. Dental practices must implement appropriate administrative, physical, and technical safeguards to protect the privacy and security of patient health information. This includes developing and implementing policies and procedures to safeguard PHI, ensuring that patient information is stored securely and accessed only by authorized individuals, and training employees on HIPAA regulations.
Some things that you will be required to do as an employee of a dental practice is to ensure that your patients are provided with a Notice of Privacy Practices, which will outline your patient’s rights under HIPAA, how their information may be used or disclosed, and how they can file a complaint if their rights have been violated.
We are required by federal and state laws to maintain the privacy of our patient’s health information and to give patients notice about our privacy practices and their rights concerning their health information. We have to collect limited health information on patients in order to provide comprehensive dental care — which includes relevant health information, certain medications, or the names of other healthcare providers that the patient utilizes. We disclose health information that patients compile for appointment setting, treatment options, payment, and our business operations.
