Mouth Open, Lips Sealed: Five HIPAA Tips for Dentists
Keep your dental practice HIPAA compliant by enacting policies that protect your patients’ information against data breaches.
If you are a dentist, you already understand the importance of HIPAA’s mandate that you safely store and protect your patients’ personal health information (PHI). While the main goal of HIPAA is to keep patients’ private information secure, it is equally important to take proactive steps to prevent potential breaches of data and unauthorized access to patients’ information. Below are five tips for safely storing and protecting your patients’ PHI and avoiding a HIPAA breach.
#1. Use HIPAA-compliant EMR and billing software.
If you have not yet ensured that you are using HIPAA-compliant software to track your billing and electronic medical records (EMR), you will want to do so immediately. Even though HIPAA was passed in 1996, some of the largest billing software options remain non-compliant with HIPAA’s requirements. For example, while Intuit QuickBooks has over an 80% market share of small businesses in the U.S., it is not HIPAA-compliant. While all providers, subcontractors, and other business associates are required to sign a business associate agreement prior to working with an entity or business associate that handles PHI, QuickBooks does not offer its users the option to enter into a business associate agreement. If you are inputting any PHI into your EMR or billing software, first confirm that it’s HIPAA-compliant.
#2. Regularly train entire staff on HIPAA practices.
The best way to ensure that you and your staff are on the same page with your practice’s HIPAA procedures is to offer regularly scheduled staff training on the most up-to-date HIPAA practices. To ensure your compliance, our attorneys always include annual training requirements in a practice’s HIPAA policies and procedures manual; this demonstrates to regulators your commitment to compliance, and it also ensures that your staff understands HIPAA’s importance. Not only are there many intricacies to HIPAA that can be easy to forget, but each dental practice may have its own HIPAA practices and procedures, so staff who were previously trained at a different dental practice will need to be retrained at your office.
#3. Maintain confidentiality agreements and complete thorough reviews each time an employee leaves.
Each member of your staff – including volunteers, interns, and students – should sign a confidentiality agreement before performing any work or observation at your dental practice. Your staff should be crystal clear on exactly what is considered confidential information and how they are expected to handle it. Furthermore, every time an employee leaves your practice, the departing employee should understand the ongoing obligation to maintain the confidentiality of your practice operations and your patients’ information. Your HIPAA policies and procedures manual should contain an “exit checklist,” which will guide you in revoking that person’s access to PHI.
#4. Obtain consent from patients before sending electronic messages to them.
This is an easy one to implement, but in the age of smartphones, it’s also easy to forget. First, it’s crucial to obtain your patient’s consent to receiving emails from you. Then, prior to sending any confidential information to patients electronically (including appointment reminders!), you should verify with the patient that the email address you have on file is correct. It is also important to remind your staff to use the utmost care when sending emails to patients. One wrong letter in the patient’s email address can result in a patient’s PHI ending up in the hands of a stranger, which constitutes a HIPAA breach.
#5. Ensure that each employee has access only to the minimum necessary PHI to perform job duties.
It may be tempting to create universal access to your EMR database for all staff, but it’s crucial that you take the time to sort out permissions for each member of your staff from day one. Under HIPAA, individuals should only have access to the minimum necessary PHI they need in order to perform their job duties. Granting employees access to more PHI than they need for their job violates HIPAA.
Jackson LLP’s healthcare attorneys make dental practice HIPAA compliance simple and straightforward by establishing comprehensive policies and procedures specific to you. We guide you through the entire process of compliance and enjoy the chance to field questions as they arise. If you’re a dentist or practice manager who needs help establishing or updating your HIPAA policies, schedule a free consultation with one of our attorneys by calling (312) 985-6484.