
November 2019--“When it comes to HIPAA, dental practices are definitely not under the radar,” says HIPAA expert Linda Harvey, who cites three examples. It's scary to see how easy it is to make mistakes.

HIPAA requires medical/dental records to be retained for six years from the date of their creation or last use—whichever comes later. The following different types of Patient Health Information are protected under HIPAA privacy laws:

  • Contact information for patients and their emergency contacts: names, addresses, phone numbers, fax numbers, email addresses
  • Demographic information (race and gender)
  • Social Security numbers
  • Driver license numbers
  • Health plan beneficiary numbers
  • Dental/medical record numbers
  • Patient/financial account numbers
  • Insurance communications
  • Diagnostic and treatment records, for example, descriptions of clinical procedures provided, perio charting, x-rays, digital impressions, photo images, notes about treatment plan review, patient treatment acceptance, and prescriptions.
  • Vehicle identifiers and serial numbers, including license plates
  • Communications with and about patients containing Web URLs, Internet Protocol (IP) address numbers, device identifiers and serial numbers
  • And more . . .  basically, any recorded identifying numbers, characteristics, or codes

HIPAA Breach Example 1: Failure to Shred Disposed Dental Patient Records

My first example of a HIPAA breach is an Indiana dentist who hired a professional company to dispose of 63 boxes of patient records and that company put them in a dumpster in a church parking lot. The dentist was fined $12,000. Before hiring someone to shred and dispose of your records, look deeply into their business history.

When it comes time for disposal, you can’t just throw patient records in the trash. According to the Department of Health and Human Services, a properly destroyed medical record or piece of Patient Health Information has to be made “unreadable, indecipherable, and otherwise unable to be reconstructed.”

 

HIPAA Breach Example 2: Failure to Notify Patients that Their Data Was Compromised

My second example of a HIPAA breach is an Arkansas oral surgery group that was attacked by ransomware on their computer. All their data was locked for a three-week period. They were unable to access their patient records, so as a result, they needed to notify all those patients that their data had possibly been compromised. This is a reminder that no matter how secure you think your system is, you have got to keep reviewing and updating your security software on a regular basis. Plus, you need a backup of patient contact information so you can notify your patients if their data may have been compromised.

 

HIPAA Breach Example 3: Digital Records Denied Access by Software Vendor

My third example is a Florida practice whose electronic health records (EHR) vendor will not return their records after the practice terminated the vendor’s service. Not only does this violate the end user license agreement, but it also violates HIPAA. This is apt to become a visible and interesting case as the law is very specific. Even if the dental practice owed that vendor money, the vendor is not allowed to withhold the records.

If you do not have an electronic backup of your patients’ EHR information, in a situation like this one, your hands are tied while resolution is sought. You will be unable to comply with patient requests for a copy of their records and adhere to other important aspects of HIPAA compliance.

Carefully evaluate any EHR vendor under consideration. Make sure your patient records are backed up on a secure server you have access to at all times, emergency or otherwise.

 

The Consequences of HIPAA Breaches

There are many additional types of HIPAA breaches that have put dental practices in “hot water” and increased the risk of negative consequences such as the following, but at the end of the day, the patients are the real victims.

When your dental practice breaches HIPAA privacy rules, you are at risk for:

  • Rupture in the good relationships you have with patients
  • Injury to patient trust
  • Damage to the practice reputation
  • Department of Health and Human Services review and penalties
  • Disruption of smooth practice operations 
  • Litigation and recovery costs in terms of time, money, and emotions
  • Employee concerns about the stability of the practice 
  • Lowered workplace enjoyment

I recommend that dental practice owners team with their office managers and team leaders to eliminate risk by:

  • Being well informed about HIPAA compliance and common pitfalls 
  • Making sure all team members receive HIPAA training  
  • Safeguarding electronic information and paper documents 
  • Being vigilant to spot potential problems in your operations that could lead to HIPAA compliance failures 
  • Having a HIPAA expert come in to do a compliance audit and coach the team
  • Taking any needed corrective measures as fast as possible 

 

More HIPAA Related Resources

Within this Patient Prism blog, you will find more videos that focus on HIPAA compliance. And Patient Prism subscribers can access additional HIPAA compliance videos in Patient Prism Academy -- an extensive, online, video-learning library that contains over 900 videos featuring experts in dentistry.
