Any dental practice that is uncertain if is fully compliant with HIPAA and state privacy laws will benefit from four new HIPAA training resources available in the CDA Practice Support section of cda.org. Each resource is intended to train both the privacy officer and the security officer in a dental practice on their shared responsibilities. These shared responsibilities include development of written policies and procedures, staff training and discipline, risk analysis and mitigation and breach assessment and notification.
The four resources are:
- “HIPAA Privacy Officer and Security Officer: Overview of Responsibilities” – The resource provides definitions, intent and other detailed information on the laws; lists and describes the required written policies and procedures; and reviews workforce training, business associates and compliance expectations.
- “HIPAA: Patient Rights, Privacy Practices and Privacy and Security Safeguards” – The resource describes several patient rights; reviews the appropriate uses and disclosures of patient information; and identifies the types of privacy and security safeguards that can be implemented in a dental practice.
- “How to do a HIPAA Risk Analysis” – The required risk analysis, which incorporates assessments of the dental practice’s risks, technical systems and compliance efforts, is essential to the dental practice’s ability to assure the privacy and security of patient information. The lack of a thorough risk analysis is often cited by the U.S. Department of Health and Human Services Office for Civil Rights when it investigates covered entities. This resource describes the steps necessary to perform a HIPAA risk analysis and what must be addressed in a mandatory risk management plan.
- “HIPAA: Breach Assessment & Notification” – The resource defines a breach and the exceptions to a breach. Incidents involving the unauthorized use or disclosure of patient information should be assessed unless the dental practice decides to move forward with the breach notification process.
These new resources join two others already available to members: “Information Privacy and Security – HIPAA, State Laws” and “Access to Patient Records.” A dental practice can use those two resources in conjunction with its written policies and procedures to train all staff and other individuals who work in the practice. HIPAA does not require “HIPAA certification” and does not require that staff training be provided annually or by a third party.
Access the new resources in the CDA Practice Support resource library.