Tag: HIPAA

Alert!!! New HIPAA Requirements for 2025!!!

On January 6th, 2025, the Department of Health and Human Services published in the Federal Register the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, including new HIPAA requirements. It is open for public comment until March 6th, and then dental offices must work toward compliance within 180 days. That's only 6 months!

The First Phishing Attack Settlement $480,000 Announced!

The Office for Civil Rights (OCR) reached a $480,000 settlement with a Louisiana medical group after a phishing attack compromised the information of 35,000 patients. Phishing attacks can result in identity theft, financial loss, discrimination, stigma, mental anguish, negative consequences to reputation, health, or physical safety of the individuals, or to others identified in the individual’s protected health information, according to the Office for Civil Rights.

Is Your Website in Compliance With HIPAA?

Most practices maintain a website to keep patients informed and provide services, but is your website in compliance? Did you know that if your practice has a website, you are required to make your Notice of Privacy Practices (NPP) available? According to the Office for Civil Rights (OCR) and 45 CFR 164.520(c)(3), if a covered entity maintains a website that provides information about its customer services or benefits, the NPP must be prominently posted on the site and made available electronically.

Should a Hygienist or RDA Serve as HIPAA Officer?

This is a great question. We appreciate anyone willing to serve as HIPAA Officer in compliance capacities in a practice. First, let’s establish that the role and designation of the HIPAA Privacy Officer and the role of the HIPAA Security Officer may be combined into one designation as the HIPAA Compliance Officer in smaller practices. However, compliance with the Privacy Rule versus the Security Rule is a bit different.

What Happens if a Patient Refuses to Sign the HIPAA Form?

The law requires that we ask the patient to acknowledge receipt of the Notice of Privacy Practices. The law does not require the patient to sign the “acknowledgment of receipt of the notice.” Signing does not mean that the patient agreed to any special uses or disclosures of the patient’s records. A patient’s refusal to sign the acknowledgment does not prevent you from using or disclosing health information as HIPAA permits.

HIPAA Violation: Dentist Responded to an Online Review

On December 14, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announced a settlement with a dental practice in California over the impermissible disclosure of patient protected health information (PHI) in response to online reviews, and other potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The practice used social media inappropriately, responding to a negative online review in a way that disclosed protected health information. The dental practice paid $23,000 to OCR and agreed to implement a corrective action plan (CAP) to resolve this investigation.

Top Ten Violations TOSHA Will Look For

Numerous dental offices across the state of Tennessee have been randomly audited. This has resulted in much confusion and quite a bit of stress. This article explores the violations TOSHA will look for that we commonly see in dental offices in Tennessee. We hope you will find this information helpful in closing the gaps in your compliance program.