Having Dental Malpractice Insurance is important, but it doesn’t cover fines and penalties for failing to follow current legislation and laws. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 by the US Congress to protect patient data with a set of established procedures that every profession must follow.
If you have protected health information (PHI) – which you do – you must follow a set of specific procedures for handling your patient data. The policies apply to both business associates (BA) and covered entities (CE).
BAs include anyone with access to sensitive patient information like:
• Dental assistants
• Health insurance companies
• And more
CEs include anyone who provides dentistry, handles financial information, or operates the business like:
HIPAA contains two sections: the HIPAA Privacy Rule and the HIPAA Security Rule. The privacy rule provides Federal protection for PHI, while the security rule requires businesses such as offices and professionals like dentists to protect electronic protected health information (ePHI).
The HIPAA Privacy Rule
The privacy rule allows PHI details to be shared in relation to providing health care to a patient. This can include things like the hospital sharing records with your family doctor, sharing your patient history with a specialist doctor, etc. Dentists may also need to share such information with a doctor for a diagnosis, just as a doctor may need to share patient information with a dentist for dental procedures.
The privacy rule applies to any means of sharing PHI, whether it is through papers, faxes, emails, documents, phone, or even simple electronic transfers. Aside from how the information is handled between professionals, the patient also has the right to view their medical history.
The HIPAA Security Rule
The security rule involves several safeguards to protect PHI details, such as digital, physical, and administrative safeguards. For instance, it includes training all personnel involved in the proper use of networked computers, limiting access to specific information to certain employees, establishing policies and procedures for workstation operations, requiring passwords for specific tasks and operations, etc.
HIPAA is Federal legislation, which means that you should thoroughly understand the details and ensure that you’re in compliance. Your dental malpractice insurance does not cover fines and penalties for HIPAA violations, but the insurer does have to abide by them just like you. In addition, Federal audits and enforcement are robust and highly active. Failure to comply with all rules leads to fines and/or penalties that can really add up. However, an audit gives your facility a chance to solve the issues found.
With HIPAA, there are really no exceptions to the rules, except in a few circumstances. Other than that, all states must utilize the HIPAA rules and regulations. If the state’s rules and regulations exceed HIPAA’s patient protection policies, then they generally take precedence over the HIPAA rules.
For instance, suppose a state requires doctors to obtain a signed patient consent form for disclosure of health records in relation to new patients, whereas HIPAA does not.
That means the state’s rule takes precedence over the HIPAA rule and is acceptable because it offers a higher level of protection. As long as the state’s law provides better patient information protection, it will supersede existing HIPAA laws. While that is beneficial to a client or customer, it can be confusing to the dental professional. You need to be sure that you not only follow HIPAA rules, but also abide by state laws.
Since the sharing of patient information is restricted to specific allowances, it can be confusing. In short, sharing is usually allowed when the patient is at risk of harm to themselves or others, or when a subpoena or judgment order requires specific patient information, such as an X-ray of the patient’s teeth or their oral history. The “patient at risk” allowance may not apply to your dental practice, as you have no medical information related to it, but subpoenas and judgments will apply. It may not occur much in the dental field, but it is possible and is important to know. This is just one example of legally sharing patient information when it otherwise would not be acceptable.
The most important strategy for staying HIPAA compliant is creating a routine HIPAA compliance program. This program will analyze potential risks and identify key areas of need. Since HIPAA laws can change, it is important to routinely pull out your compliance program and ensure that your office complies. Your program should have three main components: risk assessment, policies and procedures, and business associate agreements.
Policies and Procedures
The policies and procedures involve reviewing your written employee rules and training processes to ensure that they cover all current HIPAA compliance rules. As laws change, you may need to adjust your policies and procedures for the staff at your office.
The risk assessment is a way to identify every place where patient information is accessible, such as tablets, mobile phones, fax machines, networks, email addresses, phone numbers, and more. This helps you identify potential privacy leaks and ensure that everything that holds private information is properly secured or controlled. For example, a mobile phone with patient data could get lost and give access to someone who is not authorized to view the information. Another prime example would be network loopholes that allow a hacker to access private patient data. Aside from that, a particular program or application could be allowing the wrong people to access private patient medical information. The list could go on and on, but this provides some insight.
Business Associate Reviewing
The business associate agreements ensure that your third-party associates are aware of your office’s policies and procedures, as well as their responsibilities to comply with HIPAA. If private information is leaked by a party associated with you, you may be responsible if you didn’t provide them the important information related to your practice. They may also face penalties, but you need to protect your profession too. HMBD Insurance Services follows all HIPAA rules and regulations to protect us and you, but you will still want to review your other third-party affiliations that must adhere to HIPAA regulations.