HIPAA Privacy Requirements for Dentists

Federal privacy laws require that certain information be protected. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates extra protection for the privacy of patients' health information. The regulations also create additional rights for patients with regard to that information.



Dentists are unique providers under HIPAA because they may not have to comply. Only providers who meet certain requirements must fulfill the provisions under HIPAA.
    Protected Health Information

    • HIPAA governs the use of personal health information, more commonly known as PHI. PHI directly identifies a particular individual. PHI includes, but is not limited to, first and last names, Social Security numbers, birth dates (except for the year), email addresses and home addresses. PHI may also include information that is unique to the health insurance claim, such as the claim number and the health plan beneficiary number.

    Covered Entities

    • Health care providers that are considered covered entities are the only providers who have to comply with HIPAA regulations. Dentists who transmit certain PHI in electronic forms sent either directly or indirectly through a vendor or separate billing service are considered covered entities.

      The electronic transactions could also include claim submissions, predeterminations, eligibility requests and computer communications regarding referrals. However, this does not include all electronic messages. Sending an email or a stand-alone fax with patient information does not necessarily mean the dentist is a covered entity.

      Dentists who are covered entities are also responsible for teaching their staff about the proper disclosure of patients' personal information. Any dentist found to be in violation of HIPAA regulations may be fined up to $100 for each privacy complaint. The provider could also be subject to an annual cap of $25,000 if the violation is repeated. Dentists who sell personal information may see even heavier penalties, including prison time.

    Privacy Officials

    • Dentists who are covered entities must comply with the four main parts of the HIPAA security rule: administrative procedures, physical safeguards, technical security services and technical security mechanisms. Dentists often name a privacy or security official to be held responsible for ensuring that all of these policies are fully documented and implemented.

    Noncovered Entities Options

    • The American Dental Association suggests that any dentist who is not covered under the federal privacy law should consider adopting all or part of the regulations. Because patients will likely see their other health care providers implement HIPAA requirements, following suit could keep patients from wondering why their dentist is not taking the same precautions. Also, if stricter privacy laws are ever passed by Congress, your office will already have the proper protocol in place.
