State and federal privacy laws, including the state Confidentiality of Medical Information Act (CMIA), HIPAA Privacy and Security rules, and data breach notification requirements. Also includes information on how to comply with payment card industry data security standards (PCI DSS).
Before recording, protect private patient information

Surveillance cameras in dental offices are becoming more and more common. The driving force behind them is typically security, as cameras can aid in loss control, deter theft and discourage other criminal activity. But cameras are not without their drawbacks. Prior to hitting the record button, practice owners should be aware of the laws and regulations surrounding their use. While laws vary from state to state, there are some basic guidelines.

Dental practice pays $10K to settle disclosures of patients' PHI on social media

A private dental practice in Dallas, Texas, has agreed to pay $10,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights to settle potential violations of the HIPAA privacy rule. The HHS reported that the OCR completed its investigation of a complaint by a patient who alleged that the practice disclosed on social media the patient’s last name and the details of the patient’s health condition.

Dentists can use CDA's new Practice Health Check to evaluate HIPAA privacy law compliance

Every quarter, CDA publishes a Practice Health Check focusing on a different topic related to the business side of dentistry. HIPAA compliance, specifically patients’ access to their records, is the focus in the second quarter of 2023. CDA members are invited to take the Q2 Practice Health Check consisting of just three questions.

Dentists required to comply with new information blocking rule granting patients more access to health records

All health care providers, including dentists, will soon be required to comply with a new federal regulation that aims to enhance a patient’s right to access their health information. Under the new rule, patients will have greater and, at times, immediate access to health information.

Do collection agency efforts violate HIPAA - it depends

CDA Practice Support recently received a call from a dentist about a disgruntled patient who was accusing the dentist of violating the patient’s HIPAA privacy rights because of a past-due bill.

Specifically, the patient claimed that they received a letter from a collection agency and the fact that the collection agency had their information was a violation of the Health Insurance Portability and Accountability Act (HIPAA). CDA confirmed that this is not a violation of HIPAA as long as the dentist took the proper steps to inform patients how the practice uses patient information and to provide to the collection agency only the minimum necessary information for the agency to perform its work.

Health care providers exempt from new state privacy law

The California Consumer Privacy Act, which took effect Jan. 1, aims to give California consumers greater control over their personal information by imposing certain obligations on entities covered by the law. Although health care providers such as dental practices are exempt from this new law, it is important to understand that some of the law’s provisions are similar to those required by HIPAA and the California Confidentiality of Medical Information Act.

Health entity fined for failure to provide timely patient records

A medical center in St. Petersburg, Florida, is the first to face enforcement action by the U.S. Department of Health and Human Services for failing to promptly provide a patient with medical records. The HHS Office for Civil Rights announced early this year that it would vigorously enforce its Right of Access Initiative that allows patients to receive copies of their medical records promptly and without being overcharged.

New HIPAA training resources from CDA developed specifically for dental practices

Any dental practice that is uncertain if it is fully compliant with HIPAA and state privacy laws will benefit from four new HIPAA training resources available in the CDA Practice Support section of Each resource is intended to train both the privacy officer and the security officer in a dental practice on their shared responsibilities.

Thinking of bringing on a virtual assistant in the dental practice? That’s an option, but proceed with caution

HIPAA does not prohibit the use of virtual assistants, including those who work outside of the U.S. However, as HIPAA-covered entities, dentists and the business associates they contract with are responsible for ensuring assistants are trained to safeguard patient information.