As dental practices navigate important updates in maintaining electronic patient information, consider these insights from a HIPAA expert
Olivia Wann founded Modern Practice Solutions, LLC, in 2000 and established her law practice in 2012. She earned her Doctorate in Jurisprudence from the Nashville School of Law. Specializing in regulatory compliance, Wann is a sought-after speaker, presenting on topics like OSHA and HIPAA compliance, cybersecurity, and team performance. She has authored several compliance manuals and contributed to leading industry journals.
Earlier this year, the Department of Health and Human Services proposed significant updates to the HIPAA Security Rule. With a goal of strengthening cybersecurity protections for electronic protected health information, these changes will have wide-ranging implications for dental practices and the patients they serve. Olivia Wann, JD, who specializes in dental practice law, cuts through the confusion—offering insights into how to avoid common pitfalls that can lead to violations.
3. Staff Training
The Security Rule states that HIPAA training should occur periodically. In other words, it’s not just one and done. Practices should put training on the schedule to ensure it’s completed. You also want to communicate HIPAA reminders, which can be woven into regular staff meetings, such as morning huddles and monthly meetings. This will ensure that HIPAA privacy and security rules are part of your practice’s ongoing discussions.
HIPAA training can be quite complex, so you want to turn to trainers with true expertise who can serve as reliable resources for your staff. HealthFirst, for example, provides a variety of training options and resources through OnTraq, which can help keep your team up-to-date on a range of compliance issues. For instance, their online HIPAA Manual and Forms allow you to access information as needed at your own pace. It includes customized HIPAA annual employee training forms (customization is key because each practice is unique), an easily understood guide for implementing content, and a file system that allows you to organize and secure training records for 5 years.
4. Conduct a Security Risk Assessment
HIPAA requires all covered entities and their business associates to conduct an annual risk assessment to ensure they’re compliant with all of HIPAA’s administrative, physical, and technical safeguards. It also helps uncover any areas where protected health information (PHI) might be at risk. The Office of the National Coordinator for Health Information and the Health and Human Services Office for Civil Rights offer a free downloadable Security Risk Assessment Tool, which is designed for small providers. You can download the tool at healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.
Follow the Leader
Ultimately, compliance requires a culture of safety and respect for the privacy of patients’ PHI. Leadership is key—when leaders respect and honor patients’ privacy, their staff will follow. However, if there’s a blatant disregard for patient privacy from the top, you have a domino effect that results in all staff members behaving the same way. Those leading a practice—including the practice owner and the office manager—must demonstrate their commitment to protect the patients they serve.