This checklist provides an overview of what dental practices need to do to comply with Dental Board, occupational safety, employment, environmental, patient privacy and general business requirements. This list offers general information and does not take the place of legal advice. This list is not exhaustive and each item may not be applicable to every situation.
The mission of the Dental Board is to protect and promote the health and safety of consumers of the state of California.
It does this primarily through enforcement of the Dental Practice Act (DPA). Individuals can view the DPA online or order a printed copy at dbc.ca.gov. “Guide to Dental Practice Act Compliance” summarizes portions of the DPA and organizes information in alphabetical order by subject. Many of the board applications and forms mentioned below may be completed using the Department of Consumer Affairs website, breeze.ca.gov.
Notify Dental Board of new practice address, or that there is no practice address, using the Change of Address form on the Dental Board website. Every licensed dentist must report a place of practice, any change or additional place of practice or that he or she has no place of practice to the Dental Board within 30 days of the change. If not reported within the specified time, a penalty will be assessed.
Notify Dental Board of a legal name change within 10 days.
The name of a dental corporation must contain and be restricted to the name or the last name of one or more of the present, prospective or former shareholders and shall include the words “dental corporation” or other wording or abbreviations denoting corporate existence. A dental corporation must register with the California Secretary of State, maintain minutes of annual shareholder meetings and file annually a statement of interest
A fictitious name is a name other than the name under which a license is issued or a dental corporation name. Apply for a fictitious name permit, if applicable, and then file a fictitious business name statement with the county clerk. Read information on “Fictitious Business Names.”
Apply for additional office permit if the dentist has a proprietary interest of any nature or any right to participate in the management or control of more than one place of practice. Permit holders must post at each office a sign with the dentist’s name, address, telephone number and dental license number.
A mobile dental clinic/unit is a self-contained facility, which may include a trailer or van, in which dentistry is practiced that may be moved, towed or transported from one location to another. A portable dental unit is a self-contained unit housing equipment used for providing dental treatment that is transported to and used on a temporary basis at nondental office locations. A mobile unit or a dental practice that routinely uses portable dental units to provide treatment in nondental office locations must be registered and operated in accordance with regulations. Currently, portable dental unit registration is pending board’s approval of the permitting process. See Permits for Licensees.
Review “Sedation and Anesthesia Permits” to determine if a dentist needs an oral conscious sedation permit, conscious sedation permit or general anesthesia permit. Information and permit applications are available on the Dental Board website. New permit requirements are expected to take effect January 1, 2022.
A California-licensed physician who is board-certified in oral surgery and wants to practice oral and maxillofacial surgery must have this permit.
Only a licensed dentist with this permit may perform elective facial cosmetic surgery.
Licensed dentists are required to ensure a notice is posted in a facility where dental services are provided. The notice must state in 48-point type:
Dentists are licensed and regulated by the Dental Board of California (877) 729-7789
Information is available on the Dental Board website.
Included in the CDA and component-provided poster set is the “Combined Table of Permitted Duties.” A copy can also be downloaded.
Be aware of federal, state and local rules governing dental practice advertising and marketing. The laws, in general, promote truth-in-advertising and govern endorsements, referrals, discounts, social couponing and more. Read “Dental Practice Marketing and Advertising 101.”
If you offer patients commercial credit and financing, you must provide them a written notice of their rights. Read “Offering Commercial Credit to Patients.”
A license renewal period is two years. Fifty units are required to renew a dental license. Permit holders may have additional continuing education requirements. Twenty-five units are required to renew all allied dental health personnel licenses and permits, except for RDHAPs. RDHAPs require 35 units for license renewal. Three courses are required each renewal period: (1) 2-hour California infection control, (2) 2-hour California Dental Practice Act and (3) basic life support leading to certification. Courses must meet Dental Board requirements. Read “Continuing Education Requirements” or visit the Dental Board website.
The employer of an unlicensed dental assistant hired on or after Jan. 1, 2010, is responsible for ensuring that the dental assistant, who has been in continuous employment for 120 days or more, has successfully completed all of the following within a year of employment: (1) a board-approved course in the Dental Practice Act, (2) a board-approved 8-hour course in infection control and (3) a course in basic life support that meets the Dental Board’s requirements. The employer of a dental assistant shall be responsible for ensuring that the dental assistant maintains certification in basic life support. Information, including a list of board-approved 8-hour infection control courses, is available on the Dental Board website.
Must be provided to a patient at least once prior to performing a restorative procedure. The current fact sheet is available on the Dental Board website. The fact sheet may not be changed but a dental practice may provide supplemental information.
Every complete upper or lower denture fabricated by a licensed dentist or fabricated pursuant to the dentist’s work order shall be marked with the patient’s name, unless the patient objects. Information is available in “Guide to Dental Practice Act Compliance.”
All licensees must comply with specified infection control practices. Weekly biological testing (spore test) of sterilizers is required. Written protocols for instrument processing, operatory cleanliness and management of injuries must be developed and periodically updated. When performing procedures that will expose dental pulp, sterile water or other solutions containing recognized disinfecting or antibacterial properties must be used for irrigation. View a copy of the infection control regulations and sample written protocols.
The DPA, HIPAA and state privacy laws regulate the use of patient records and information. Read “Patient Records: Requirements and Best Practices.”
Obtain DEA registration number only if prescribing, dispensing, or administering controlled substances. Register online with the U.S. Drug Enforcement Administration, Diversion Control Program, deadiversion.usdoj.gov. Electronic data prescriptions are required for prescriptions paid for by a government benefit program and, starting Jan. 1, 2022, must be used for all prescriptions except in specified circumstances. Prescribers with DEA registration must register to access CURES, the state’s prescription drug monitoring program. Prescribers, under specified conditions, are required to consult CURES when writing a controlled substances prescription for more than a five-day supply and for refills. Prescribers are required to offer a patient a prescription for naloxone hydrochloride or other FDA-approved drug for complete or partial reversal of opioid depression. Review “Prescribing & Dispensing” for more information.
Before issuing the first opioid prescription to a minor in a single course of treatment, you must discuss specified risk with the minor or minor’s parent or guardian. Use “Consent to Prescribe Opioid to a Minor” to document the discussion.
Certain requirements apply to dentists who receive payment from government benefit programs, who treat or refer patients with Medicare coverage or who have patients with prescription coverage through Medicare.
Healthcare providers are required to enroll in or formally opt-out of Medicare if providing Medicare-covered items or services or if ordering covered clinical laboratory services, imaging services or durable medical equipment for patients on Medicare. Read the ADA’s “Medicare Enrollment FAQ” for more information.
Dental practices that receive payments from certain types of government programs, such as Denti-Cal, Healthy Families, Medicare or electronic health records incentive (“meaningful use”), must comply with rules adopted under the Affordable Care Act Section 1557 that protect individuals from discrimination in health care based on race, color, national origin, age, disability and sex, including discrimination based on pregnancy, gender identity and sex stereotyping. Refer to “Nondiscrimination Requirements Under the Affordable Care Act Section 1557.”
Check the websites of both the city and county where your practice is located for information on required local permits, licenses, taxes and fees. A city or county may collect a tax for each licensed professional working in an office, require a permit for outdoor signs, require a permit for security alarms and collect business property tax. You can also check CalGold, a state website with permit information for all types of businesses. If you are building new or remodeling space, ensure your contractors obtain the necessary permits.
Dental employers must post several notices and provide specific information for the benefit of their employees. Refer to “Required Postings in a Dental Office” for a list of the required notices and posters and online links. One poster set at no cost is available to each member who has confirmed practice ownership. Additional sets will be available for purchase. Be sure to review your cda.org profile to ensure it reflects your status as a practice owner. Note: Individual cities and counties across California have passed local ordinances relating to minimum wage and paid sick leave laws with eligibility rules and posting requirements varying from city to city. Check with the local city government as to whether any local ordinances and posting requirements apply to employees in your practice.
There are recommendations and requirements for retaining business, employee, patient and regulatory compliance records. Review “Records and Documents Retention Guidelines.”
If you sell items to patients, obtain a seller's permit from the state Department of Tax and Fee Administration. Refer to article “Sales and Use Tax.”
Once your practice generates $100,000 in a year, you must register with the state Department of Tax and Fee Administration for reporting use tax. Refer to the article “Sales and Use Tax.”
Dental practices are considered places of public accommodation and have an obligation to ensure their services are available to the disabled. Refer to the article “Best Defense Against Disability Lawsuits.”
Obtain an EIN from the IRS website.
Register as an employer with the state Employee Development Department and review California Employers Guide (DE44) for information on employee taxes and withholdings. Complete Registration Form for Commercial Employers (DE 1) no later than 15 days after the first $100 in wages is paid. The California Employers Guide can be found online. You can also go to the EDD website to learn how to submit payroll taxes.
Obtain mandatory coverage.
One free poster set is available to members who have been identified as practice owners from CDA; extra poster sets are available for purchase. See “Required Postings in a Dental Office'' for online links to the required posters.
Have required brochures on sexual harassment, disability insurance, paid family leave and workers’ compensation available to give to newly hired employees. See “Required Postings in a Dental Office” for online links to the required brochures.
An employee manual provides your employees with information about and a reference regarding their rights and obligations in your practice. While an employee manual isn’t required by law, compliance with certain laws in California require written policies.
Employers are required to provide employees specified training and to document it. Review “Required Employee Training” for details.
Refer to the “New Employee Orientation and Onboarding Checklist” for a list of required items when hiring a new employee.
Set up separate employee files for confidential records* and standard onboarding and employment records. *Examples include records that contain medical information, injury reports, background check documents, etc. Refer to the “Employee Personnel Files” resource for specific requirements and best practices.
California employers are required to annually notify all their employees of the federal and state Earned Income Tax Credit.
Federal Earned Income Tax Credit
Earned Income Tax Credit (Cal EITC)
A nonexempt employee is eligible for overtime if he or she works more than eight hours a day or 40 hours a week. Employers may consider adopting an alternative workweek to reduce overtime costs if you want staff to work more than eight hours a day but no more than 40 hours a week. Information on holding an alternative workweek election can be found in Industrial Welfare Commission Wage Order #4-2001, one of the required posters. Such a schedule can be implemented after a vote of all employees in a work unit following proper disclosure and procedures. Resources to guide you through the process and a sample letter to send to the state are in the “Alternative Workweek Resources.”
Employers with five or more employees must provide sexual harassment prevention training to all employees in California between Jan. 1, 2019, and Jan. 1, 2020, and thereafter every two years. Employers are required to provide at least two hours of classroom or other effective interactive training and education regarding sexual harassment to all managerial employees and at least one hour of classroom or other effective interactive training and education regarding sexual harassment to all nonmanagerial employees within six months of their hire or promotion date.
Cal/OSHA relies on documentation of effective written plans outlining the employer’s safety program, communication of hazards to employees and on employee training for enforcement of its regulations. These written plans should be in place before hiring an employee.
Develop this written plan that serves as an umbrella plan to the other Cal/OSHA-required plans. The plan may include elements to exempt a dental practice from the Aerosol Transmissible Disease regulation. See the CDA Regulatory Compliance Manual for a sample plan. Review the plan’s checklist.
Develop this written plan to describe how the dental practice prevents the transmission of the virus that causes COVID-19 at the practice. See the CDA Regulatory Compliance Manual for a sample plan.
Develop this written plan to describe the circumstances in which employees are required to wear respiratory protection, the type of respirators used, how to use them safely and the fit-testing process. See the CDA Regulatory Compliance Manual for a sample plan.
Develop this written plan that explains the employer’s policies for preventing cross- contamination and employee exposure to blood and saliva. Implement policies on personal protective equipment, sharps evaluation and more.See the CDA Regulatory Compliance Manual for a sample plan. Review the plan’s checklist.
Develop this written plan to describe how the employer communicates to employees about workplace hazards. Develop inventory list of hazardous substances, ensure containers are appropriately labeled and collect and organize safety data sheets (SDS). See the CDA Regulatory Compliance Manual for a sample plan. Review the plan’s checklist.
An employer must have an ergonomics program to minimize repetitive motion injury (RMI) when an RMI has occurred to more than one employee under certain conditions. See the CDA Regulatory Compliance Manual for a sample plan. Review the plan’s checklist.
This plan describes what employees should do in case of a fire or emergency. See the CDA Regulatory Compliance Manual for a sample plan. Review the plan’s checklist.
This plan describes procedures for employees to follow to prevent accidents, such as those caused by improperly stored items, damaged equipment or working around electric-powered devices. See the CDA Regulatory Compliance Manual for a sample plan. Review the plan’s checklist.
Health care providers, first responders and other employers are required to comply with this regulation. Most dental practices and many specialty medical practices can be exempt from the regulation as long as the practices comply with specific conditions. Read “Cal/OSHA Regulation on Aerosol Transmissible Diseases.”
A permit is required for any air tank that is 1.5 cubic feet in volume or larger or when the safety valve is set greater than 150 psi. Read “Air Compressor/Tank Permits.”
Plumbed or self-contained eyewash stations must be located where it takes no more than 10 seconds for an injured person to reach. Eyewash stations must meet the ANSI standard cited in the Cal/OSHA regulation.
If the substance in any form is used in the workplace, the employer must provide employee training, except where the employer can show, using objective data, that employees are not exposed to formaldehyde at or above 0.1 ppm. Use of the substance must be reported to Cal/OSHA.
Cal/OSHA has set permissible exposure levels (PEL) for hundreds of substances, including nitrous oxide, formaldehyde, glutaraldehyde and mercury. If an employee complains or has questions on exposure to these chemicals, the employer must provide data that employee exposure is less than the PEL or else monitor to demonstrate that exposure is less than the PEL.
Offer vaccination to employees who are potentially exposed to blood-borne pathogens. Document action as required. Refer to “Hepatitis B Vaccination: Requirement and Recommendations.”
If an employee or employees launder personal protective equipment or other items as a work assignment, the employer must provide appropriate personal protective equipment and training on potential hazards of the task and safe practices.
Inform employees of the existence, location and availability of their medical and exposure records and of their rights to see them and to have a copy of the regulation. See the regulation that is included as Appendix 2 the CDA Regulatory Compliance Manual.
Smoking is prohibited in enclosed areas at the workplace. Employers must notify workplace visitors of the prohibition by posting clear and prominent signs stating, “No smoking,” at the building entrances. Signs stating, “Smoking is prohibited except in designated areas,” also may be posted at building entrances if smoking is permitted in designated areas. Employers may purchase ready-made signs or create their own signs.
All California dental practices must comply with state privacy laws that sometimes overlap with the federal Health Insurance Portability and Accountability Act (HIPAA) that is applicable to “covered entities.” “Covered entities'' are healthcare providers, health plans and health information clearinghouses that perform certain transactions electronically. A detailed compliance guide is available from the American Dental Association. We strongly recommend you use the ADA Complete HIPAA Compliance Kit to help you develop or update your office policies and procedures. It has sample forms and policies and provides thorough discussions and considerations on how HIPAA compliance affects a dental practice. You can refer to the ADA kit for almost every item listed below. An expanded checklist for compliance with privacy laws, an overview of state and federal privacy rules, forms that comply with both federal and state privacy laws and other resources are available in the Resource Library.
Obtain an NPI number to be used for claims. Type 1 NPI number is for individuals and is used to identify a treating provider on claims. Pharmacies require prescribers to provide individual NPI numbers. Type 2 NPI number is for a business entity and is typically used on claims for the billing provider. A provider may have one individual NPI number and one or more Type 2 NPI numbers depending on the number of dental practices owned. Refer to information posted on the U.S. Department of Health and Human Services website.
Designate one person to be both the privacy and security officer for the practice or assign two individuals the different responsibilities. The privacy officer is responsible for implementing privacy policies and procedures and for training staff on them. The privacy officer also may receive and process patient and third- party requests for patient information and for amending information. The privacy officer receives complaints regarding privacy and information requests on the practice’s Notice of Privacy Practices. The privacy officer ensures required documentation is completed and retained for specified periods. The security officer shares some responsibilities with the privacy officer with regard to administrative policies and procedures. The security officer is responsible chiefly for the security of patient information that is stored, used and transmitted electronically and may work with outside vendors on the administrative, technical and physical security safeguards.
Document where and how patient information is used, managed, stored and transmitted in the practice. Identify risks to patient information, such as fire or a hacking incident, and assess the impact of that risk to the practice. Assess safeguards the practice has in place with HIPAA Security Rule specifications. Develop a risk management plan that addresses how the practice manages high risk scenarios. The assessment must be thorough and documented and should be redone periodically and as needed.
Develop written policies to address how the dental practice prevents the unauthorized and unintentional release of protected health information in all forms of communication — oral, written and electronic. Also, include policies on patient access to records, disclosure of information to third parties and steps to take after a data breach. Written documentation must include administrative, physical and technical safeguards.
Develop this patient notice of your practice’s privacy policies and procedures. The notice describes patient rights with regard to their information and the practice’s responsibilities. Obtain patient acknowledgement of receipt of notice. See “Sample Notice of Privacy Practices.”
Enter into agreement with any entity that the dental practice allows to have access to patient information for nonclinical purposes. Agreement is to ensure privacy and security of the information. See “HIPAA Business Associate Agreement.”
Take steps to protect against unauthorized use or disclosure of electronic patient information. Must implement or address specific security safeguards included in the HIPAA Security Rule. Document the policies and procedures the practice follows to protect the accessibility, integrity and availability of electronic patient information. See “HIPAA Security Rule – A Summary” and “Security Rule Guidance Material” on hhs.gov.
Document procedures to follow after a suspected breach is made known. Breach risk assessment is not required if the HIPAA covered entity notifies the affected individual or individuals. Follow state and federal breach notification procedures. See “Data Breach Notification Requirements.”
Train employees on the dental practice’s privacy policies and procedures and cybersecurity awareness. Make employees aware that they will be disciplined for failing to comply with the practice’s policies and procedures and that discipline can include termination of employment.
Check the California Department of Public Health website to identify your local enforcement agency. The local enforcement agency can be the state DPH, the county environmental health department or another local agency.
Utilize the “Medical Waste Management Plan” to learn what exactly is medical waste and the requirements for its management and disposal. “Dental Office Waste Management Options” includes a list of mail-back programs.
Generators of hazardous waste (in a dental office this includes fixer, dental amalgam, solutions with chromium, X-ray film (silver), highly flammable solutions and solutions with formaldehyde) must have a Hazardous Waste ID Number. To learn more and to apply, visit the Department of Toxic Substances Control website.
Install amalgam separator(s) and complete required documentation if federal rule is applicable to the practice. A local sanitation district may require that a dental practice obtain a wastewater discharge permit. Read “Amalgam Separator Requirement Q&A.”
Arrange for hazardous/universal waste pickup or mail-back service. Look into the possibility of using your local household hazardous waste program. See “Household Hazardous Waste and Small Quantity Generator Programs.”
Post Proposition 65 sign or provide notice through informed consent, if applicable. Read “Proposition 65 FAQ.”
Register x-ray equipment with the state Department of Public Health Radiologic Health Branch. Both Los Angeles and San Diego counties require a plan check for a facility with x-ray machines.
Obtain and post a copy of radiation regulations (also referred to as “Title 17 regulations”). Obtaining and making available to staff a copy of CDA’s “Radiation Safety in Dental Practice” satisfies this requirement. On the “Notice to Employees” radiation safety poster, record the location where employees can find the radiation regulations in your office.
Determine if you need to obtain dosimeters for staff. Read the article “Radiation Personnel Monitors (Dosimeters).”
Provide employees with radiation safety instructions.
If using a portable dental X-ray unit, obtain a copy of the California Department of Public Health exemption and comply with its provisions.
California dental practices may be required to comply with certain industry-imposed standards. Although these programs are not regulatory, they are included on this list because they affect most dental practices.
Credit card companies impose data security standards on businesses that accept and process credit card payments. Check with your credit card processor for details.
The state requires dental benefits plans to conduct quality assurance audits on their providers. Read more about the audits in the “Dental Benefit Handbook.”