What does the HIPAA Privacy Rule do?
The HIPAA Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information.
- It gives patients more control over their health information.
- It sets boundaries on the use and release of health records.
- It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
- It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
- And it strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.
For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
- It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
- It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
- It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
- It empowers individuals to control certain uses and disclosures of their health information.
Generally, what does the HIPAA Privacy Rule require the Dental Office to do?
For Dental practices, the Privacy Rule requires activities, such as:
- Notifying patients about their privacy rights and how their information can be used.
- Adopting and implementing privacy procedures for its practice, hospital, or plan.
- Training employees so that they understand the privacy procedures.
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
- Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.
To ease the burden of complying with the new requirements, the Privacy Rule gives needed flexibility for providers and plans to create their own privacy procedures, tailored to fit their size and needs. The scalability of the Rule provides a more efficient and appropriate means of safeguarding protected health information than would any single standard. For example,
- The privacy official at a small Dental practice may be the office manager, who will have other non-privacy related duties; the privacy official at a large Dental practice may be a full-time position, and may have the regular support and advice of a privacy staff or board.
- The training requirement may be satisfied by a small Dental practice’s providing each new member of the workforce with a copy of its privacy policies and documenting that new members have reviewed the policies; whereas a large health plan may provide training through live instruction, video presentations, or interactive software programs.
- The policies and procedures of small Dental providers may be more limited under the Rule than those of a large hospital or health plan, based on the volume of health information maintained and the number of interactions with those within and outside of the health care system.
What Information Is Protected?
- Patient information that dentists, nurses, and other health care providers put in medical records
- Conversations the dentist has about the patient's care or treatment with nurses and others
- Information about the patient in his or her health insurer's computer system
- Billing information about the patient at the clinic or dental office
- Most other health information about the patient held by those who must follow this law
How Is This Information Protected?
- Covered entities must put in place safeguards to protect the patient’s health information.
- Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.
- Covered entities must have contracts in place with their contractors and others ensuring that they use and disclose the patient’s health information properly and safeguard it appropriately.
- Covered entities must have procedures in place to limit who can view and access the patient's health information, and must implement training programs for employees about how to protect that information.
HIPAA Security Standards you need to know.
The security standards are divided into the categories of administrative, physical, and technical safeguards.
- Administrative safeguards: In general, these are the administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security training requirements.
- Physical safeguards: In general, these are the mechanisms required to protect electronic systems, equipment and the data they hold from threats, environmental hazards and unauthorized intrusion. They include restricting physical access to EPHI and retaining off-site computer backups.
- Technical safeguards: In general, these are primarily the automated processes used to protect data and control access to data. They include using authentication controls to verify that the person signing onto a computer is authorized to access that EPHI, or encrypting and decrypting data as it is being stored and/or transmitted.
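To make the technical-safeguard bullet concrete, here is an added example (not code from the original page or from gregmason.com) of the two controls it names for sign-on: a credential check before any access, and an access-control step that releases only the fields a role needs (the "minimum necessary" idea from earlier on the page), with an audit entry for every attempt. The workforce accounts, role-to-field map, patient record and passwords are all constructed sample data; encryption of the stored records, the other control the bullet mentions, would be layered on top of this and is not shown.

```python
"""
Added illustration of HIPAA technical safeguards for an electronic record store:
  1. authentication  - verify a workforce member's credential before any access
  2. access control  - return only the record fields that the user's role needs
  3. audit trail     - log every attempt, successful or not
Everything below (users, roles, records, passwords) is constructed sample data.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a verifier with PBKDF2-HMAC-SHA256; the verifier is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "verifier": hash_password(password, salt)}


# Constructed workforce directory (hypothetical accounts).
USERS = {
    "dr_lee": make_user("dentist", "correct horse battery staple"),
    "pat_h": make_user("hygienist", "hygiene-2024!"),
    "bill_k": make_user("billing", "invoice-pass"),
}
# A dummy account keeps the unknown-user path doing the same PBKDF2 work as a real one,
# so response time does not reveal which usernames exist.
_DUMMY_USER = make_user("none", os.urandom(16).hex())

# Minimum necessary: each role sees only the fields it needs to do its job.
ROLE_FIELDS = {
    "dentist": {"name", "treatment_notes", "insurance_id", "billing"},
    "hygienist": {"name", "treatment_notes"},
    "billing": {"name", "insurance_id", "billing"},
}

# Constructed sample EPHI record (hypothetical patient).
RECORDS = {
    "P-001": {
        "name": "Sample Patient",
        "treatment_notes": "Composite filling, tooth 19",
        "insurance_id": "INS-0000-SAMPLE",
        "billing": {"balance": 120.0},
    },
}

AUDIT_LOG: list = []


def _audit(event: str, username: str, patient_id: str, fields=()) -> None:
    """Append one audit entry; a real system would write this to append-only storage."""
    AUDIT_LOG.append({
        "ts": time.time(), "event": event, "user": username,
        "patient": patient_id, "fields": sorted(fields),
    })


def authenticate(username: str, password: str) -> Optional[str]:
    """Return the user's role when the credential verifies, otherwise None."""
    user = USERS.get(username, _DUMMY_USER)
    candidate = hash_password(password, user["salt"])
    # compare_digest avoids leaking how many bytes matched through timing.
    if username in USERS and hmac.compare_digest(candidate, user["verifier"]):
        return user["role"]
    return None


def access_record(username: str, password: str, patient_id: str) -> Optional[dict]:
    """Authenticate, then return the subset of the record this role is allowed to see."""
    role = authenticate(username, password)
    if role is None:
        _audit("auth_failure", username, patient_id)
        return None
    record = RECORDS.get(patient_id)
    if record is None:
        _audit("no_such_record", username, patient_id)
        return None
    allowed = ROLE_FIELDS.get(role, set())
    view = {field: value for field, value in record.items() if field in allowed}
    _audit("access", username, patient_id, view.keys())
    return view


if __name__ == "__main__":
    print(access_record("bill_k", "invoice-pass", "P-001"))   # no treatment notes
    print(access_record("pat_h", "wrong password", "P-001"))  # None, audit shows auth_failure
    for entry in AUDIT_LOG:
        print(entry)
```

The audit log is the piece an office most often forgets: it is what lets the privacy official answer a patient's question about who looked at their chart, which the Privacy Rule section above says patients are entitled to ask.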
Let the IT Professionals at gregmason.com LLC help your office become fully compliant. We have been servicing the IT needs of New Hampshire and Northern Massachusetts Dental offices since 1991.
Contact us at 603-669-4116 for your free, no obligation consultation.