HIPPA: Are You in Compliance?
According to the U.S. Department of Health & Human Services, the Office for Civil Rights (OCR) has started phase 2 of the HIPAA Audit Program. In an effort to comply with HIPAA’s Privacy, Security and Breach Notification Rules, OCR will be conducting audits of covered entities and their business associates. Though these audits are not directly targeted at dental practices, practices that use electronic dental claims are considered cover entities under HIPAA, and therefore, could be subject to these audits. The main purpose of the audits will be to determine whether covered entities and their business associates have developed and implemented policies in compliance with HIPAA.
OCR will start the 2016 audit process by sending emails to covered entities requesting their contact information and then sending a subsequent pre-audit questionnaire to gather information regarding the size, type and operation of the covered entity. OCR will be using this data to determine “potential audit subject pools”. It is very important for dental practices to check their junk/spam files for emails from OCR as entities that do not respond to OCR’s request may still be selected for an audit or a compliance review.
In order to promote transparency, OCR will be posting updated audit protocols on its website closer to conducting actual audits; this will allow organizations to use the provided information to conduct internal self-audits to ensure HIPAA compliance.
Dental practices are encouraged to utilize the resources below to make sure their office is HIPAA compliant:
• ADA’s Free HIPAA Resources
• ADA’s HIPAA Q&A
• ADA’s HIPAA Factsheet
• ADA’s Complete HIPAA Compliance Kit
Additionally, make sure to attend this year’s Pacific Northwest Dental Conference (PNDC), where you can earn CE by attending a lecture dedicated entirely to HIPAA compliance!
Understanding Cyber Risk in the Dental Office
Thursday, June 16 from 2:00-5:00 p.m.
Friday, June 17 from 1:00-4:00 p.m.
Speakers: Melissa Sanchez and Stephen Rose
Ms. Sanchez is the manager for NORDIC, providing professional liability insurance and risk management services to dentists in the Pacific Northwest. Mr. Rose has been one of the educators for the Washington State Medical Association since HIPAA privacy rules were first issued and has defended numerous healthcare providers during HIPAA investigations and audits by the Office for Civil Rights (OCR).