Faculty: Becca Kalivas, RN, MS
Successful Completion: Complete entire module, complete the exam with a passing score of 80% or better, and complete the evaluation form.
Estimated Time to Complete Activity: 90 minutes.
CEUs: HIPAA Exams is authorized by IACET to offer 0.2 CEUs for this program. CEU Information
Free Certification of Completion available instantly for download or printing upon successful completion.
This course is designed to provide a comprehensive look at HIPAA legislation and addresses its application within a dental office setting. To ensure the privacy of protected health information, avoid potential civil and criminal penalties (HIPAA violations), and aid preparedness for potential HHS audits. It is imperative that all dental office staff have a solid understanding of this complex legislation.
Includes 2021/2022 Updates - ONC 21st Cures Act Final Rule and the CMS Final Rule
Course includes a video and audio component with stand-alone exam
Receive HIPAA Certification "Certificate of Completion" with successful completion.
HIPAA for Healthcare Workers FAQs
How does HIPAA affect dental practices?
First off, it’s essential to determine the HIPAA “status” of a dental office. In other words, to determine if HIPAA applies to the dentist's office. According to The Department of Health and Human Services (HHS), HIPAA applies only to covered entities and business associates (BAs). Although Covered Entities include dentists, a dental office becomes a covered entity if they perform an electronic HIPAA standard transaction or have someone do so on the provider’s behalf.
Suppose the dentist's practice is a covered entity. In that case, they must comply with The HIPAA Privacy, Security, and Breach Notification Rules, which enforce various requirements on the covered entity and their BAs.
Examples of how this might affect the covered dental practice include the obligation to:
- Designating a Dental Office HIPAA Compliance Officer (or Officers).
- Performing a risk assessment
- Conducting a risk analysis
- Implementing measures
- Developing policies and procedures to support the measures
- Displaying a HIPAA-compliant Notice of Privacy Practices (NPP)
- Training staff on HIPAA compliance
- Establishing a compliant BAA with each BA
- Implementing a Breach Notification policy
- Creating contingency plans
- Conducting due diligence on BAs
- Keeping HIPAA compliance documents for at least six years
It's important to understand that HIPAA compliance for dentists is a continuous process. Compliance must be maintained, and training must be regularly offered when new work methods and technology changes are introduced.
Dental practices must present records like the ones mentioned above to prove HIPAA compliance if the dental practice is ever under investigation or audit by the HHS Office for Civil Rights (OCR).
Are dental records covered under HIPAA?
A dental practice that is a “covered health care provider” must comply with all HIPAA rules, including the Privacy, Security, and Breach Notification Rules.
The Rules specify how patient healthcare and payment data is created, used, stored, and shared and the conditions in which such data can be released without the patient's consent. Patients are also given access rights to their health information under the HIPAA Privacy Rule.
Under the Rules, covered dental practices must meet certain requirements to protect dental records, such as protecting patient privacy by taking necessary precautions to protect against the unauthorized disclosure of patient information and following HIPAA’s “minimum necessary” rule. When patient information is used, disclosed, or requested, dental practices must limit the use, disclosure, or request to the minimum amount of appropriate data. There are exceptions, such as disclosures for treatment purposes and disclosures to patients of their knowledge.
Do I need a Business Associate Agreement with my dental lab?
No business associate agreement (BAA) is required to exchange PHI with a laboratory regarding the treatment of an individual because dental labs are considered healthcare providers.
The HIPAA definition of a BA states:
“Business associate does not include a health care provider, concerning disclosures by a covered entity to the health care provider considering the treatment of the individual.”
Typically, dental labs are considered healthcare providers according to the HIPAA definition. This means that if the dental practice only discloses patient information to the lab for the patient's treatment, it is not required for a covered dental practice to enter a BAA with a lab.
What HIPAA training does the dental practice’s workforce require?
Regardless of access to protected health information (PHI), every dental office employee, student, volunteer, and other staff member must complete security and awareness training. The dental practice's privacy, security, and breach notification policies and procedures should be explained to each employee in detail to understand how they apply to their specific roles.
For more information on The Health Insurance Portability and Accountability Act (HIPAA), visit The Department of Health and Human Services (HHS) website.
- Describe the purpose of the HIPAA law
- Explain the changes implemented to HIPAA by the Omnibus Final Rule
- Identify the key elements of the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Enforcement Rule
- Explain the process for Breach Notification
- Define the Unique Identifiers and Transaction and Code Set Rules
- Illustrate how to apply these rules to his/her daily practice in a Dental Office setting
Dental Office Staff
Table of Contents
HIPAA for Dental Offices (HIPAA Privacy, Security, and Enforcement Training)
Table of Contents:
- HIPAA for Dental Offices
- Legal Notice
- Purpose of Course
- Introduction to HIPAA
- What is Portability?
- What is Accountability?
- HITECH Act and Omnibus Final Rule
- Who Must Abide by HIPAA Rules?
- HIPAA Covered Entity
- Business Associates
- Expanded Definition of Business Associates
- Business Associates Agreements
- Things to Consider within a Dental Practice
- HIPAA Privacy Rule
- Permitted Use and Disclosure of PHI
- Authorized Uses and Disclosures Under the Privacy Rule
- Incidental Use and Disclosure of PHI
- Minimum Necessary Principal
- Notice of Privacy Practices
- Individual Access of Protected Health Information
- ONC Cures Act Final Rule - 2021/2022 Update
- CMS Final Rule - 2021/2022 Update
- More Individual Rights Under Privacy Rule
- Administrative Requirements for Privacy Rule Compliance
- State Law and the Privacy Rule
- Personal Representatives and Minors Under the Privacy Rule
- Privacy Rule and Decedents
- Privacy Considerations within the Dental Office
- HIPAA Security Rule
- What Security Measures Must be Used?
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Privacy and Security for Mobile Devices
- Security Considerations within the Dental Office
- Transaction and Code Set Standards
- Unique Identifiers Rule
- HIPAA Breach Notification Rule
- Breach Notification and Risk Assessment
- Breach Notification Rule Exceptions
- Breach Notification Rule and Unsecured PHI
- Breach Notification Requirements Media
- Breach Notification Requirements Individual
- Breach Notification Requirements Secretary
- Burden of Proof for Breach Notification
- HIPAA Enforcement Rule
- Enforcement Rule and Civil Money Penalties
- Defenses and Waivers for CMP
- Recent Updates to HIPAA Opioid Crisis
- Recent Updates to HIPAA Cloud Computing
- Real Life Examples
- End of Course Exam
Course Content Example 1:
- Things to Consider within a Dental PracticeIdentify all employees who handle PHI within your office
- Identify all of your office's Business Associates and make sure a Business Associate Agreement (BAA) is in place
- Review all BAAs to make sure they are HIPAA compliant and to verify that they are using proper safeguards to protect PHI
- Make sure all agreements have been updated to reflect the necessary changes of the Final Rule
Course Content Example 2:
Privacy Considerations within the Dental Office
Patient Sign-in sheet:
- This is acceptable as an incidental disclosure
- Require only the minimum necessary amount of personal information on sign-in sheet
- Medical information, such as the reason for visit, should not be included
- Consider the use of sheet with removable labels after each sign-in
Calling out patients name in the waiting room
- This is acceptable as an incidental disclosure
- Apply the minimum necessary standard and use only first name, when appropriate
Procedure for faxing PHI
- PHI may be faxed for treatment purposes as long as reasonable safeguards are taken
- Confirm all fax numbers before sending
- Use a proper sheet, which statement similar to:
- "This facsimile is intended only for the use of the named addressee and may contain information that is confidential or privileged. If you are not the intended recipient, or you are not the employee responsible for delivering the facsimile to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this facsimile is strictly prohibited. If you have received this facsimile in error, please notify the sender immediately"
Download Certificate of Completion Immediately
3 Attempts to Pass Your Exam
Instant Access: 100% Online - Access 24/7 from Anywhere
No Recurring Fees