Skip to main content


Patient Records, Communication and Marketing

August 18, 2021 5204

Records and forms

If a practice was purchased, obtain patient authorization before using the patient record in order to comply with state privacy law. Authorization to use this record is implied when a patient makes an appointment to be seen by the practice. Consider sending to patients an announcement of the practice purchase.

Develop or acquire new patient forms, informed consent forms, form letters and scripts for communicating with patients and others. Review “Patient Acknowledgements and Authorizations” and “Patient Notifications and Disclosures” for types of necessary forms. Many of these are available as practice management resources on 

Privacy and security laws

Gain a general understanding of state and federal privacy and data security laws. State laws apply to all health care providers, even those who are not HIPAA-covered entities. Understand what uses and disclosures of patient information require patient authorization, do not require patient authorization or are required. Compliance with HIPAA requires a risk analysis and development of policies and procedures describing how a dental practice complies with the law.

Policies and procedures

Develop written policies and procedures on how the dental practice prevents the unauthorized and unintentional release of protected health information in all forms of communication – oral, written and electronic. Include policies on patient access to records and other patient rights, use and disclosure of patient information to third parties, compliance with HIPAA Security Rule standards and steps to take after a data breach.

Refer to The ADA Practical Guide to HIPAA Compliance: Privacy and Security, which has sample forms, sample policies and checklists of action to consider and take. Review “Data Breach Notification Requirements Checklist” and “Patient Records: Requirements and Best Practices” and “HIPAA and California Medical information Act Implementation Checklist” for additional information.

Develop a notice of your practice’s privacy policies and procedures (“Notice of Privacy Practices”) and ensure it is posted where required. Refer to “Sample Notice of Privacy Practices”.

Enter into a business associate agreement with any entity that uses the practice’s patient information to provide a service (usually nonclinical). Agreement verifies the entity’s obligation to comply with the HIPAA Security Rule and may include other conditions related to notification. A sample “HIPAA Business Associate Agreement” is available on

Review “HIPAA Security Rule: A Summary”. Guidance material is available on the U.S. Health & Human Services website. FAQs are also available online.

Patient consent

Obtain patient consent to call or text them using cellphone number per Federal Communication Commission regulation. Obtain patient consent to contact them via email.

Obtain Dental Materials Fact Sheet from the Dental Board and implement a process to distribute to patients and obtain patients’ acknowledgment of receipt.

Language needs

If applicable, comply with notification requirements of ACA 1557. Read “Nondiscrimination Requirements Under the Affordable Care Act Section 1557”. Identify language interpreters for use at the practice. Dental benefit plans provide them for their beneficiaries.

Identify sign-language interpreters for use at the practice and understand practice obligations under federal and state disability access laws. Read “Best Defense Against Disability Lawsuits” on

Patient records

Determine/develop a patient record management system. Read the article “Patient Records – Requirements and Best Practices”.

Review “Patient Request to Access Records (Records Release) Form and Q&A” and develop your policy and form.

Develop scheduling policies and procedures.


Follow through on the marketing plan that was developed as part of your business plan. Review “Dental Practice Marketing and Advertising 101” and related checklists on

Ensure the practice website is accessible to the visually impaired and contains required elements such as a Notice of Privacy Practices and a CalOPPA notice. Review "Chapter 2 of the Legal Reference Guide for California Dentists.”

Comments are only visible to subscribers.