Privacy/HIPAA

Two small health care providers in Virginia and Colorado have agreed to pay $10,000 and $3,500, respectively, to settle potential violations of the HIPAA Privacy Rule’s “right of access” provision.

HIPAA fee limits do not apply to a patient’s request to transmit records to a third party or to a third-party’s request, with patient authorization, to receive patient health information, according to a notice released by the U.S. Department of Health and Human Services.

Any dental practice that is uncertain if is fully compliant with HIPAA and state privacy laws will benefit from four new HIPAA training resources available in the CDA Practice Support section of cda.org. Each resource is intended to train both the privacy officer and the security officer in a dental practice on their shared responsibilities.

The California Consumer Privacy Act, which took effect Jan. 1, aims to give California consumers greater control over their personal information by imposing certain obligations on entities covered by the law. Although health care providers such as dental practices are exempt from this new law, it is important to understand that some of the law’s provisions are similar to those required by HIPAA and the California Confidentiality of Medical Information Act.

Surveillance cameras in dental offices are becoming more and more common. The driving force behind them is typically security, as cameras can aid in loss control, deter theft and discourage other criminal activity. But cameras are not without their drawbacks. Prior to hitting the record button, practice owners should be aware of the laws and regulations surrounding their use. While laws vary from state to state, there are some basic guidelines.

A private dental practice in Dallas, Texas, has agreed to pay $10,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights to settle potential violations of the HIPAA privacy rule. The HHS reported that the OCR completed its investigation of a complaint by a patient who alleged that the practice disclosed on social media the patient’s last name and the details of the patient’s health condition.

A medical center in St. Petersburg, Florida, is the first to face enforcement action by the U.S. Department of Health and Human Services for failing to promptly provide a patient with medical records. The HHS Office for Civil Rights announced early this year that it would vigorously enforce its Right of Access Initiative that allows patients to receive copies of their medical records promptly and without being overcharged.

CDA Practice Support recently received a call from a dentist about a disgruntled patient who was accusing the dentist of violating the patient’s HIPAA privacy rights because of a past-due bill.

Specifically, the patient claimed that they received a letter from a collection agency and the fact that the collection agency had their information was a violation of the Health Insurance Portability and Accountability Act (HIPAA). CDA confirmed that this is not a violation of HIPAA as long as the dentist took the proper steps to inform patients how the practice uses patient information and to provide to the collection agency only the minimum necessary information for the agency to perform its work.