Secure electronic transmission of protected health information is one of the many requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Dental practices should review the rule requirements to ensure compliance.
More and more resources are becoming available for dentists to use to stay compliant.
The ADA has launched a new kit, for example, that helps dental practices comply with HIPAA. The ADA Complete HIPAA Compliance Kit includes a Privacy and Security Manual that outlines privacy, breach notification and security compliance in a step-by-step format. It also includes a Practical Guide to HIPAA Training that has two levels of training. Level 1 targets dental office personnel with the basics of HIPAA compliance. Level 2 targets managers to help them develop and implement a HIPAA compliance program for their offices.
ADA also is offering a three-year subscription to the HIPAA Compliance Update Service that advises subscribers whenever federal HIPAA laws change.
CDA's HIPAA Security Rule: A Summary resource can be found on cda.org/Privacy-HIPAA. Also, the Department of Health and Human Services has a Guidance on Risk Analysis resource on its website hhs.gov.
Congress passed HIPAA in 1996 to simplify, and thereby reduce the cost of, the administration of health care. HIPAA does this by, among other things, establishing standard codes and identifiers and encouraging the use of electronic transactions between health care providers and payers. Congress deemed that if the electronic transmission of patient health information was to be encouraged by the legislation, there needed to be means to protect the confidentiality of that information, and thus, the HIPAA Security Rule was created. With the exception of small health plans, which had a later compliance date, covered entities had to be compliant with the rule by April 20, 2005.
After establishing a "security officer" in the practice (similar to the designation of a privacy officer as required by the HIPAA Privacy Rule), conducting a documented risk analysis on their practices' information systems is the first step dentists can take to be in compliance with the HIPAA Security Rule. Other things dentists can do to protect themselves include, among other things, instituting a system to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports, and having business associate agreements that require compliance with the Security Rule and notification of data breaches that occur with the respective business associate.
For more information on patient privacy and HIPAA requirements, visit cda.org/Privacy-HIPAA. For more from HSS, visit hhs.gov.
For pricing and to purchase the ADA Complete HIPAA Compliance Kit, visit ebusiness.ada.org.
(Source: ADA News)