Privacy and HIPAA

California-Specific Privacy Laws

Outlines laws, provides links & other useful resources. California has many laws aimed at protecting the personal and confidential information of its residents.

Consent Form for Use or Disclosure of Patient Health Information

Use this sample form to obtain patient consent for use or disclosure of patient information as required by HIPAA and state law.

Credit Card Chargeback and Release of Patient Information

A credit card company may request information when a patient disputes a charge to a dental practice. Use these resources to respond to the company.

Cybersecurity Information Resources

Learn what cybersecurity practices your dental practice should have by reviewing resources from these government agency websites.

Data Breach Notification Requirements

HIPAA and California law require individuals be notified when specified personal information, including health and medical insurance information is breached. This article summarizes the requirements and provides a checklist of steps to follow when patient information may have been breached or accessed without authorization.

Ensure State Provisions Are Included In Your Privacy Policies and Procedures

Describes state requirements to include in a dental practice’s policies and procedures for protecting patient information. 

HIPAA and California Health Information Privacy and Protection Laws Q&A

Answers to questions asked by dental offices on how to comply with HIPAA rules on privacy, security, and national provider identification (NPI).

HIPAA and the California Medical Information Act

This checklist provides an at-a-glance view of elements required to comply with state and federal privacy laws. 

HIPAA Breach Assessment and Notification

This is the fourth of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

HIPAA Business Associate Agreement

Describes HIPAA business associates and the requirement for covered entities such as dental practices to have agreements with them. A sample business associate agreement is included.

HIPAA Privacy and Security Officers: Overview of Responsibilities

This is the first of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

HIPAA Safeguards

A discussion on HIPAA safeguards – what administrative, technical and physical safeguards are required to be implemented and how to determine if a safeguard is reasonable and appropriate.

HIPAA Security Rule - A Summary

The rule sets standards to protect patient information in electronic form. A covered entity must implement or address more than 30 administrative, physical and technical standards summarized here.

HIPAA Training Resources

The first four PowerPoint presentations listed below are intended to instruct dental practice HIPAA privacy and security officers on their responsibilities under HIPAA and state privacy and security laws. The fifth and last PowerPoint presentation listed below can be used in combination with a dental practice’s written policies and procedures to train the office workforce (includes students and others).

How to do a HIPAA Risk Analysis

This is the third of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

Information Privacy and Security - HIPAA, State Laws

This PowerPoint presentation can be used in conjunction with the dental practice’s written policies and procedures to train staff on compliance with HIPAA and state laws.

Patient Records - Requirements and Best Practices

Format and content, patient access to records and requests to amend, disclosure of information, data breach notification, retention and disposal, transferring records in a sale.

Patient Request to Access Records (Records Release) Form and Q&A

Summary of records release rules with customizable sample form. Patients have the right to access their record and can request paper, film or electronic copies.

Patient Request to Restrict Disclosure of Patient Health Information to a Dental Benefit or Health Care Plan

Includes information on this patient right to restrict disclosure of patient health information to a dental benefit or health care plan and a sample form to use for a patient who requests such a restriction.

Patient Rights Under HIPAA

Describes patient rights and dental practice responsibilities under HIPAA. Patients must be informed of these rights through the distribution of the covered entity’s Notice of Privacy Practices.

Patient Rights, Privacy Practices and Safeguards

This is the second of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

Sample Breach Notification Notice

Use sample notice to inform patients of a breach of their personal information. Sample notice includes elements required by law.

Sample Nondisclosure Agreement

Practices should personalize the attached sample language to their practices and confirm that the agreement is consistent with existing policies and procedures.

Sample Notice of Privacy Practices

Customize this form to create a practice’s notice. It must have specified elements. The final notice must be provided to patients and an acknowledgment of receipt should be collected. Post it in the practice and on the practice website.

Social Security Numbers and Drivers Licenses

Summarizes prohibited actions and best practices for businesses collecting social security numbers or copies of driver’s licenses. 

Surveillance Cameras: What to Consider Before Installing Them

Describes items dentists should consider when contemplating the use of video surveillance cameras at the practice. Sample notification language for patients and employees included.

12