Privacy Policy & HIPAA

We are committed to keeping all of our patients’ information private and will not discuss or share their personal information except with those they have authorized. We must shred and properly dispose of all documents that have any personal information on them.

Our Office Manager is our Privacy Officer. Be very sensitive about what is said at the front desk. Try to conduct most business behind the door or in the consultation rooms.

Below is a checklist provided by the ADA that we should regularly look over and verify our compliance.

ADA HIPAA Checklist

    1. Develop a compliance timeline, using this Checklist as a starting point.
    2. Learn what HIPAA requires and do a gap analysis to assess where your current practices may be lacking.
    3. Develop privacy policies, procedures, and documentation practices.
    4. Develop necessary forms to implement your policies and practices (e.g., Acknowledgement of Receipt of Notice of Privacy Practices).
    5. Develop a Notice of Privacy Practices to post and give to patients, and a method to document your good faith attempt to secure patients’ acknowledgement of receipt of the Notice.
    6. Designate a Privacy Officer and a Contact Person to receive complaints.
    7. Train employees in privacy. Document all training efforts.
    8. Develop an employee discipline process for privacy violations.
    9. Evaluate which of your relationships requires a Business Associate (BA) Agreement and enter into the required written contracts, using BA agreement language satisfying HIPAA’s specific requirements. (Compliance date is April 14, 2004 for amending existing written BA agreements, but those that are renewed or modified before then must be amended at the time of that renewal or modification.)
    10. Your dental office should have appropriate administrative (e.g., policies, procedures, and staff training), technical (e.g., secure software and passwords), and physical (e.g., doors and locks) safeguards in place to make sure health information is private and secure.
    11. Implement procedures to verify identity and authority to access, receive, or use what is protected health information (PHI) under HIPAA. Keep in mind that PHI includes oral communications (e.g., verbal communications among staff members, patients, and/or other providers).
    12. Secure the right to use or disclose PHI. For purposes of treatment, payment, and healthcare operations (TPO), your good faith attempt to secure an Acknowledgement of receipt of your Notice of Privacy Practices will suffice. Otherwise, secure a written Authorization as required by HIPAA.
    13. Plan to use PHI information by applying the minimum necessary standard, which will often require that you make reasonable efforts to use or disclose only the information that is needed to accomplish the intended purpose.
    14. Know what patients’ federal rights are established by HIPAA, and develop processes to ensure you will honor those rights (e.g., the rights to access and copy protected healthcare information; the right to amend a patient record; the right to an accounting of disclosures, and the right to confidential communication, etc.).
    15. Implement complaint systems.
    16. Know the HIPAA marketing rules and follow them.
    17. Limit the consequences if there is a breach of confidentiality by you and/or your Business Associate.
    18. Develop and implement a HIPAA privacy self-audit program to make sure your compliance efforts are working.
    19. Document, document, document!
    American Dental Association 2002