State and federal privacy laws, including the state Confidentiality of Medical Information Act (CMIA), HIPAA Privacy and Security rules, and data breach notification requirements. Also includes information on how to comply with payment card industry data security standards (PCI DSS).
California's data breach notification law will undergo amendments effective Jan. 1, 2015. Some reports have indicated that AB 1710 will require companies to provide credit monitoring in the event of a data breach, which is not true. It does state, however, that when companies experience a data breach and decide to offer credit monitoring to affected individuals, they must offer the services at their own expense and for no less than one year. The breach notification must also contain all material information individuals need to take advantage of the offer.
It was a week before Christmas last year when the practice of Robert Meaglia, DDS, in Rocklin was broken into through the back door. The burglars took everything they could get their hands on, from toothbrushes to a Gameboy. But the most important thing they stole was the main unencrypted computer that had all of Meaglia’s patients’ information on it.
The Department of Health and Human Services recently released its "Annual Report to Congress on HIPAA Privacy, Security and Breach Notification Rule Compliance." In the report, the HHS detailed the number of complaints received for the calendar years 2011-12, the number of complaints resolved, the number of subpoenas or inquiries issued and more. The HITECH Act requires HHS to conduct the report, which found that during 2011 and 2012, the U.S. Office for Civil Rights (OCR) received 19,476 complaints, which was a significant increase over each respective year prior.
The U.S. Department of Health and Human Services recently announced that it would be conducting a second phase of HIPAA audits. The audit program is intended to be primarily for information gathering, but the HHS Office for Civil Rights will assess whether to open a separate compliance review in cases where an audit indicates serious compliance issues. Therefore, it is important that dental practices have a current HIPAA risk analysis in place, that their Notice of Privacy Practices is current, and that acknowledgement of receipt forms are maintained.
The U.S. Department of Health and Human Services (HHS) has launched a new security risk assessment tool that helps dentists and other health care professionals be in compliance with the Health Insurance Portability and Accountability Act (HIPAA). It is important for dentists to conduct a security risk assessment as required by HIPAA to protect their patients' information and minimize liability risk. A recent review of HIPAA enforcement actions reveals that entities were penalized for not having a documented risk analysis or for having an incomplete analysis.
A CDA member’s dental practice lost a computer server to thieves last year, and is now responding to U.S. Health and Human Services (HHS) inquiries on that practice’s HIPAA compliance. CDA has been assisting the practice in this process, and is offering members recommendations so they can avoid a similar situation.
It is important for dentists to conduct a Security Rule risk analysis as required by the Health Insurance Portability and Accountability Act (HIPAA) to protect their patients’ information and minimize liability risk. A recent review of HIPAA enforcement actions reveals that entities were penalized for not having a documented risk analysis or for having an incomplete analysis.
There has been a lot of speculation around the use of Windows XP as it relates to HIPAA violations. Many IT consultants are saying if dentists’ information systems are operating on Windows XP after April 8, 2014, they are in violation of HIPAA. The HIPAA Security Rule does not specifically require the use of operating systems that are manufacturer-supported, so continuing to use Windows XP after April 8 is not in itself a HIPAA violation.
Recent Health Information Technology for Economic and Clinical Health (HITECH) amendments to the Health Insurance Portability and Accountability Act (HIPAA) expanded patient rights with regard to their health information and added a breach notification rule for covered entities, such as dentists, to follow.
The combination of a HIPAA deadline and vendor communications about the deadline recently sent many CDA members to the Internet and telephone to find out what assistance they could get from the Practice Support Center. Callers had specific questions on the requirement to securely transmit protected health information to other dental practices.
The Sept. 23 compliance deadline for the omnibus rule/HITECH amendments to the Health Insurance Portability and Accountability Act (HIPAA) is just around the corner. There are a couple of educational options for dentists related to this subject.
The U.S. Department of Health and Human Services (HHS) published the long-awaited final omnibus rule under HIPAA (Omnibus Rule) on Jan. 25, 2013. The rule implements the Health Information Technology for Economic and Clinical Health Act (HITECH) and requires that health care providers amend their Notice of Privacy Practices (NPP) and Business Associate Agreements to include new elements. The compliance date for the final rule is Sept. 23, 2013.