Outlines laws, provides links & other useful resources. California has many laws aimed at protecting the personal and confidential information of its residents.

Use this sample form to obtain patient consent for use or disclosure of patient information as required by HIPAA and state law.

A credit card company may request information when a patient disputes a charge to a dental practice. Use these resources to respond to the company.

Learn what cybersecurity practices your dental practice should have by reviewing resources from these government agency websites.

California law requires individuals be notified when specified personal information, including health and medical insurance information, that is stored electronically is breached. 

Describes state requirements to include in a dental practice’s policies and procedures for protecting patient information. 

Answers to questions asked by dental offices on how to comply with HIPAA rules on privacy, security, and national provider identification (NPI).

This checklist provides an at-a-glance view of elements required to comply with state and federal privacy laws. 

This is the fourth of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

Describes HIPAA business associates and the requirement for covered entities such as dental practices to have agreements with them. A sample business associate agreement is included.

This is the first of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

A discussion on HIPAA safeguards – what administrative, technical and physical safeguards are required to be implemented and how to determine if a safeguard is reasonable and appropriate.

The rule sets standards to protect patient information in electronic form. A covered entity must implement or address more than 30 administrative, physical and technical standards summarized here.

This is the third of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

This PowerPoint presentation can be used in conjunction with the dental practice’s written policies and procedures to train staff on compliance with HIPAA and state laws.

Format and content, patient access to records and requests to amend, disclosure of information, data breach notification, retention and disposal, transferring records in a sale.

Summary of records release rules with customizable sample form. Patients have the right to access their record and can request paper, film or electronic copies.

Includes information on this patient right to restrict disclosure of patient health information to a dental benefit or health care plan and a sample form to use for a patient who requests such a restriction.

Describes patient rights and dental practice responsibilities under HIPAA. Patients must be informed of these rights through the distribution of the covered entity’s Notice of Privacy Practices.

This is the second of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

Use sample notice to inform patients of a breach of their personal information. Sample notice includes elements required by law.

Practices should personalize the attached sample language to their practices and confirm that the agreement is consistent with existing policies and procedures.

Customize this form to create a practice’s notice. It must have specified elements. The final notice must be provided to patients and an acknowledgment of receipt should be collected. Post it in the practice and on the practice website.

A customizable form to notify patients of privacy practices. Layered version is formatted to allow posting of the first page on a wall with the full notice available for review close to the posting.

Summarizes prohibited actions and best practices for businesses collecting social security numbers or copies of driver’s licenses.