Enforcement actions against providers by the U.S. Department of Health and Human Services, Office for Civil Rights to uphold patients’ rights to access or protect their private health information are increasingly common. Two recent cases in particular serve as an important reminder for dental professionals to stay vigilant when it comes to HIPAA compliance.
California dentist named in one of two settlements
In December 2022, OCR announced two settlements for complaints that were brought against providers who were in violation of the HIPAA Privacy Rule.
In the first complaint, a Florida health clinic failed to provide timely access to requested patient records despite multiple requests. “The right of patients to access their health information is one of the cornerstones of HIPAA, and one that OCR takes seriously. We will continue to ensure that health care providers and health plans take this right seriously and follow the law,” stated OCR Director Melanie Fontes Rainer. Rainer also pointed to the responsibility of providers to implement procedures and workforce training to ensure they and their staff do all they can to help patients access records.
The subject of the second complaint was a California dentist (not a CDA member) who disclosed patient health information within a social media post. “This latest enforcement action demonstrates the importance of following the law even when you are using social media,” Rainer explained. “Providers cannot disclose protected health information of their patients when responding to negative reviews online. This is a clear ‘NO.’”
In both cases, the dentists were required to provide monetary settlements and will undertake corrective action plans that include two years of monitoring by OCR to ensure proper adherence to the HIPAA Privacy Rule.
How does CDA help members achieve compliance?
Understanding that HIPAA compliance is essential to the health of your dental practice, CDA has resources available to help members understand and achieve compliance.
- CDA members can access an array of HIPAA and privacy tools, information and downloadable forms. These include checklists, downloadable sample forms, such as the patient request to release records, a presentation on how to conduct a HIPAA risk analysis and an article on uses and disclosures of patient health information. Log in to your CDA member account to view more than 25 available privacy and HIPAA essentials.
- Another valuable HIPAA compliance resource available to members is through Abyde, one of CDA’s vetted business partners provides training for doctors and staff, eases the customization of policy documentation and more.
Dental professionals are urged to utilize available guidance and tools from CDA so that your practice can avoid the cost and difficulty of a HIPAA violation.