dental news for dentists from the best minds in dentistry today header image 2

Dentists Should Know About New HIPAA Rules

August 28th, 2009 · 3 Comments

law-gavelIn February, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed as under the American Recovery and Reinvestment Act of 2009 (ARRA). The purpose of the act was to create a nationwide information technology infrastructure that would allow controlled electronic dissemination of health information (EMR).

HITECH rules, which are currently being promulgated by HHS, will place more responsibilities on covered business entities and their business associates. On August 18, a new regulation will go into effect which requires covered entities and their business associates to provide notice of breaches or unauthorized disclosures of protected health information (PHI) within 60 days. Covered entities would be required to provide notification to the breached individuals, HHS and in cases where 500 or more people are affected, to the media outlets. HHS has created a “safe harbor” if specific methodologies and technologies are used to secure information.

All covered entities should, at this time, review their safeguards, training and documentation in order to guarantee the entities’ compliance with all of these rapidly changing regulations.

By February 2010, HHS will release a number of specific modifications to HIPAA with regards to electronic transmission of PHI. These will involve additional disclosure accountability, extensions of the HIPAA rule for business associates, tighter PHI controls and a number of additional modifications.

It is incumbent on all providers to closely monitor these regulations as they come in to effect.

Dr. Donald Cohen is a licensed practicing dentist in New York State for over thirty years with over 20 years of teaching experience at Columbia University SDOS and over 20 years as an Attending Dentist at Columbia Presbyterian Hospital in New York City. He is past president of the New York State Society of Dentistry For Children and is currently Director of Compliance for Health Compliance Team Inc., a national compliance company delivering total on-site compliance solutions to dental offices and numerous seminars. Additionally, he is a Consultant to Henry Schein Inc. in practice transitions and compliance.


Tags: Administrative · Clinical · Compliance

3 responses so far ↓

  • 1 D. Kellus Pruitt DDS // Aug 28, 2009 at 9:50 am

    Tell me if I am wrong. If a dentist follows the letter of the law, and self-reports a breach which may be as innocent as a misplaced flash drive, will that not bankrupt the dentist?

    D. Kellus Pruitt DDS

  • 2 D. Kellus Pruitt DDS // Sep 1, 2009 at 6:04 pm

    By the absence of a response, I assume I am correct. If a computer is stolen from a dentist’s office, and the crime is properly reported, there is little hope that the practice will survive much longer than 60 days when patients have to be notified.

    If a dentist’s practice is located in a poor neighborhood, it could be burglarized a couple of times a year.

    What have we allowed stakeholders to do to our profession?

    D. Kellus Pruitt DDS

  • 3 D. Kellus Pruitt DDS // Sep 2, 2009 at 12:56 pm

    Yes, I’m back.

    Please understand that I am not selling a thing, friends. I don’t even own a Website (in the conventional sense). I am merely trying to alert my profession of the imminent HIPAA disaster which nobody wants to face, not even the ADA. In fact, a few Internet editors who have advertising interests with the ADA have gone so far as to censor me in a futile attempt to deny me freedom of speech. Though it can be dependably entertaining, it never ends well for slow-moving dinosaurs and does little to promote transparency, until the last day or so.

    I have been following the HIPAA issue a long time. I was surprised to discover how very difficult it is to find HIPAA consultants who will entertain suggestions that HIPAA just might be the most stupid idea ever supported by the ADA. Who can blame them? The mandate, stupid or not, is their living.

    That is why I sincerely respect Dr. Donald Cohen for allowing my comments to appear following his article “Dentists Should Know About New HIPAA Rules” that was posted on a few days ago.

    In the last few days, I have been participating in an unprecedented and urgently needed discussion about HIPAA and dentistry with HIPAA consultants Kelly Mclendon, who is a Registered Health Information Administrator, and Olivia Wann, a Registered Dental Assistant with a BS in Health Care Administration. Our exchanges are at the last of an article titled “Kelly Mclendon RHIA – censors – D. Kellus Pruitt DDS.”

    Here are the six questions we discussed which I first posed to Mclendon:

    1. How will eDRs (electronic dental records) improve care of dental patients?

    2. How will eDRs increase patient safety?

    3. What does Olivia Wann mean when she says that having a national system for computerized health records will simplify compliance in the US?

    4. How will eDRs save costs in dentistry?

    5. How will eDRs minimize errors in dentistry?

    6. How will eDRs maximize efficiency?

    Considering all the topics we covered, I’d say we eliminated a dozen or so common misconceptions about electronic dental records and HIPAA. I’m thankful for this opportunity to spread the word so that progress is given a chance.

    Thank you, Dr. Cohen. Your courage is not unnoticed. I’ll offer you an opportunity soon.

    D. Kellus Pruitt DDS

    cc: spamgroup