HIPAA for Dental Offices




Faculty: Becca Kalivas, RN, MS


Successful Completion: Complete entire module, complete the exam with a passing score of 80% or better, and complete the evaluation form.


Estimated Time to Complete Activity: 90 minutes.


CEUs: HIPAA Exams is authorized by IACET to offer 0.2 CEUs for this program.


Free Certification of Completion available instantly for download or printing upon successful completion.


This course is designed to provide a comprehensive look at HIPAA legislation and addresses its application within a dental office setting. To ensure the privacy of protected health information, avoid potential civil and criminal penalties (HIPAA violations), and aid preparedness for potential HHS audits, it is imperative that all dental office staff have a solid understanding of this complex legislation.

Includes 2021/2022 Updates - ONC 21st Cures Act Final Rule and the CMS Final Rule

Course includes a video and audio component with stand-alone exam

Receive HIPAA Certification "Certificate of Completion" with successful completion.

HIPAA for Healthcare Workers FAQs 

How does HIPAA affect dental practices? 

First off, it’s essential to determine the HIPAA “status” of a dental office, in other words, whether HIPAA applies to the dentist's office. According to the Department of Health and Human Services (HHS), HIPAA applies only to covered entities and business associates (BAs). Although covered entities include dentists, a dental office becomes a covered entity if it performs an electronic HIPAA standard transaction or has someone do so on the provider’s behalf.

If the dentist's practice is a covered entity, it must comply with the HIPAA Privacy, Security, and Breach Notification Rules, which impose various requirements on the covered entity and its BAs.

Examples of how this might affect the covered dental practice include obligations such as:

  • Designating a Dental Office HIPAA Compliance Officer (or Officers).
  • Performing a risk assessment 
  • Conducting a risk analysis 
  • Implementing measures
  • Developing policies and procedures to support the measures
  • Displaying a HIPAA-compliant Notice of Privacy Practices (NPP)
  • Training staff on HIPAA compliance 
  • Establishing a compliant BAA with each BA
  • Implementing a Breach Notification policy
  • Creating contingency plans
  • Conducting due diligence on BAs
  • Keeping HIPAA compliance documents for at least six years 

It's important to understand that HIPAA compliance for dentists is a continuous process. Compliance must be maintained, and training must be regularly offered when new work methods and technology changes are introduced. 

Dental practices must present records like the ones mentioned above to prove HIPAA compliance if the dental practice is ever under investigation or audit by the HHS Office for Civil Rights (OCR). 

Are dental records covered under HIPAA?

A dental practice that is a “covered health care provider” must comply with all HIPAA rules, including the Privacy, Security, and Breach Notification Rules. 

The Rules specify how patient healthcare and payment data is created, used, stored, and shared and the conditions in which such data can be released without the patient's consent. Patients are also given access rights to their health information under the HIPAA Privacy Rule. 

Under the Rules, covered dental practices must meet certain requirements to protect dental records, such as protecting patient privacy by taking necessary precautions against the unauthorized disclosure of patient information and following HIPAA’s “minimum necessary” rule. When patient information is used, disclosed, or requested, dental practices must limit the use, disclosure, or request to the minimum amount of appropriate data. There are exceptions, such as disclosures for treatment purposes and disclosures to patients of their own information.

Do I need a Business Associate Agreement with my dental lab? 

No business associate agreement (BAA) is required to exchange PHI with a laboratory regarding the treatment of an individual because dental labs are considered healthcare providers.  

The HIPAA definition of a BA states:

“Business associate does not include a health care provider, concerning disclosures by a covered entity to the health care provider considering the treatment of the individual.”

Typically, dental labs are considered healthcare providers according to the HIPAA definition. This means that if the dental practice only discloses patient information to the lab for the patient's treatment, the covered dental practice is not required to enter into a BAA with the lab.

What HIPAA training does the dental practice’s workforce require?

Regardless of access to protected health information (PHI), every dental office employee, student, volunteer, and other staff member must complete security and awareness training. The dental practice's privacy, security, and breach notification policies and procedures should be explained to each employee in detail so that they understand how the policies apply to their specific roles.

For more information on The Health Insurance Portability and Accountability Act (HIPAA), visit The Department of Health and Human Services (HHS) website. 

What Does a Dental Office Need to Be HIPAA-Compliant? 

For a dental office to be HIPAA compliant, it must adhere to several key requirements:

  • Privacy Rule Compliance: Ensure patient health information (PHI) is properly protected while allowing the flow of PHI needed to provide high-quality health care.
  • Security Rule Compliance: Implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.
  • Notice of Privacy Practices: Provide patients with a notice that describes how their PHI can be used and disclosed, as well as their rights regarding their PHI.
  • Business Associate Agreements: Establish contracts with third-party vendors with access to PHI, ensuring they will protect the information.
  • Employee Training: Regularly train all staff members on HIPAA policies and procedures.
  • Regular Audits: Conduct regular risk assessments and audits to identify potential vulnerabilities in the protection of PHI.

How to Train a New Dental Employee on HIPAA and OSHA 

Provide online training modules that allow employees to learn at their own pace while also testing their knowledge. When training new dental employees on HIPAA and OSHA using online courses, it's crucial to select dental-specific, accredited courses with up-to-date content, like the ones we offer at HIPAA Exams. 

Begin the training with an introductory session, prioritize immediate safety with OSHA, and then delve into HIPAA courses. Enhance online learning by integrating hands-on training in the dental office. Throughout the training, use platform tracking features to monitor the employee's progress and schedule periodic check-ins to address any questions or clarifications. 

Don't forget to keep records of all training sessions, materials provided, and certificates of completion for compliance purposes.

Which HIPAA Regulations Do Dental Offices Follow? 

Dental offices follow the same core HIPAA regulations as other healthcare providers, mainly:

  • HIPAA Privacy Rule: Regulates the use and disclosure of PHI.
  • HIPAA Security Rule: Concerns safeguarding electronic PHI (ePHI) and establishes national standards.
  • HIPAA Breach Notification Rule: Requires covered entities and their business associates to provide notification when there's a breach of unsecured PHI.
  • HIPAA Enforcement Rule: Pertains to investigations following a breach of ePHI and potential penalties. 

How Often Do You Need Dental OSHA and HIPAA Training? 

OSHA Training for Dental Offices 

OSHA requires new employees to be trained upon hiring. Additionally, employees should receive and complete annual training on topics such as bloodborne pathogens. Specific training frequency can vary depending on the nature of the job and any changes in tasks or procedures.

HIPAA Training for Dental Offices 

New employees should receive HIPAA training when they start, and all staff should undergo refresher training at least annually. However, if there are significant changes to policies, procedures, or the law, additional training may be necessary.



Learning Objectives

  • Describe the purpose of the HIPAA law
  • Explain the changes implemented to HIPAA by the Omnibus Final Rule
  • Identify the key elements of the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Enforcement Rule
  • Explain the process for Breach Notification
  • Define the Unique Identifiers and Transaction and Code Set Rules
  • Illustrate how to apply these rules to his/her daily practice in a Dental Office setting

Target Audience

Dental Office Staff

Table of Contents

HIPAA for Dental Offices (HIPAA Privacy, Security, and Enforcement Training)


  • HIPAA for Dental Offices
  • Legal Notice
  • Objectives
  • Purpose of Course
  • Introduction to HIPAA
  • What is Portability?
  • What is Accountability?
  • HITECH Act and Omnibus Final Rule
  • Who Must Abide by HIPAA Rules?
  • HIPAA Covered Entity
  • Business Associates
  • Expanded Definition of Business Associates
  • Business Associates Agreements
  • Things to Consider within a Dental Practice
  • HIPAA Privacy Rule
  • Permitted Use and Disclosure of PHI
  • Authorized Uses and Disclosures Under the Privacy Rule
  • Incidental Use and Disclosure of PHI
  • Minimum Necessary Principle
  • Notice of Privacy Practices
  • Individual Access of Protected Health Information
  • ONC Cures Act Final Rule - 2021/2022 Update
  • CMS Final Rule - 2021/2022 Update
  • More Individual Rights Under Privacy Rule
  • Administrative Requirements for Privacy Rule Compliance
  • State Law and the Privacy Rule
  • Personal Representatives and Minors Under the Privacy Rule
  • Privacy Rule and Decedents
  • Privacy Considerations within the Dental Office
  • HIPAA Security Rule
  • What Security Measures Must be Used?
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Privacy and Security for Mobile Devices
  • Security Considerations within the Dental Office
  • Transaction and Code Set Standards
  • Unique Identifiers Rule
  • HIPAA Breach Notification Rule
  • Breach Notification and Risk Assessment
  • Breach Notification Rule Exceptions
  • Breach Notification Rule and Unsecured PHI
  • Breach Notification Requirements Media
  • Breach Notification Requirements Individual
  • Breach Notification Requirements Secretary
  • Burden of Proof for Breach Notification
  • HIPAA Enforcement Rule
  • Enforcement Rule and Civil Money Penalties
  • Defenses and Waivers for CMP
  • Recent Updates to HIPAA Opioid Crisis
  • Recent Updates to HIPAA Cloud Computing
  • Real Life Examples
  • End of Course Exam

Course Content Example 1:

Things to Consider within a Dental Practice

  • Identify all employees who handle PHI within your office
  • Identify all of your office's Business Associates and make sure a Business Associate Agreement (BAA) is in place
  • Review all BAAs to make sure they are HIPAA compliant and to verify that they are using proper safeguards to protect PHI
  • Make sure all agreements have been updated to reflect the necessary changes of the Final Rule

Course Content Example 2:

Privacy Considerations within the Dental Office

Patient Sign-in sheet:

  • This is acceptable as an incidental disclosure
  • Require only the minimum necessary amount of personal information on the sign-in sheet
  • Medical information, such as the reason for visit, should not be included
  • Consider the use of a sheet with removable labels after each sign-in

Calling out a patient's name in the waiting room:

  • This is acceptable as an incidental disclosure
  • Apply the minimum necessary standard and use only first name, when appropriate

Procedure for faxing PHI:

  • PHI may be faxed for treatment purposes as long as reasonable safeguards are taken
  • Confirm all fax numbers before sending
  • Use a proper cover sheet that includes a statement similar to:
  • "This facsimile is intended only for the use of the named addressee and may contain information that is confidential or privileged. If you are not the intended recipient, or you are not the employee responsible for delivering the facsimile to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this facsimile is strictly prohibited. If you have received this facsimile in error, please notify the sender immediately"


Download Certificate of Completion Immediately

3 Attempts to Pass Your Exam

Instant Access: 100% Online - Access 24/7 from Anywhere

No Recurring Fees


Train Anywhere, Anytime

Courses can be accessed from any internet device at any time.