The Health Insurance Portability and Accountability Act, known as HIPAA, is in effect as of April 14th, 2003, and your office needs to be in compliance. This new regulation was enacted in 1996, but compliance with the law begins in 2003. The privacy rule creates national standards to protect patients' medical and dental records and other personal health information.
Under the old law, the personal health information of a patient could move across doctors' offices, insurance companies, law offices, and state lines without notice to or consent from the patient. This information could be held by a health plan (for instance) and then passed to a bank, which might deny a person's application for a home loan or credit card based on their health care bills, or to an employer who might also use it for their personal use.
This regulation will give patients more control over their own health information, set boundaries on the use and release of their records, and establish safeguards for health care providers and others who must protect the patient's privacy. It holds violators accountable with civil and criminal penalties if they violate the patient's privacy rights. For patients, it means being able to make informed choices about how their private information will be used, and to learn what disclosures of their information have been made. It limits the release of information to additional groups, and gives the patient the right to examine and obtain a copy of their own health records.
We need to comply with this new law by providing information to our patients about their privacy rights and how their information will be used. We need to adopt privacy procedures, train staff to understand those procedures, and designate an individual to be responsible for overseeing that the procedures are followed. We must secure patient records containing individual and identifiable health and personal information so that they are not readily available to outside sources. Each office needs to develop a written policy describing how it will meet HIPAA compliance, post a copy of your privacy policy notice in a conspicuous place for patient viewing, and give a copy of a written policy to each patient, with the patient signing off that they have received a copy of your policies.
Aside from the new forms, staff training, and appointing a privacy officer, each office must have business associate agreements with any outside entities that would receive any of your patients' protected information. This agreement requires that the other company that receives your patients' information will also protect it to the same extent that your office protects patient confidentiality.
These new government regulations will add to the burden of managing a dental x-ray lab practice, but there is help out there. The ADA has created a HIPAA privacy compliance kit that contains a suggested format of required HIPAA policies and procedures. You can order the kit by calling (800) 947-4746.
The most important thing you need to do to comply is to make a good faith effort to secure patient acknowledgement of receipt of your privacy notice. This is not a one-size-fits-all compliance approach; indeed, the word "reasonable" appears 265 times, which leaves you to make some judgment calls about what is appropriate given your practice's profile and physical environment. Try to learn about HIPAA and make a good faith effort to comply; by employing these good faith efforts, you will be supporting this new ruling and supporting your patients' confidentiality rights. HIPAA laws may seem daunting, but look at the issues in a positive way: these laws are designed to protect patients, and after all, we are all patients.