Social Distancing in Dentistry: HIPAA Compliance and Teledentistry Partners

The ongoing coronavirus pandemic has brought new challenges to dental practices in the United States and around the globe. With most dental practices limited to seeing only emergency cases, many dentists have turned to teledentistry to stay connected with patients while practicing social distancing; providing consultation, evaluation and next step actions.

Looking beyond use cases during the coronavirus pandemic, teledentistry can be used to market your practice, coordinate in care and facilitate patient communications when your practice is treating both emergency and non-emergency cases again. As with any new technology, teledentistry brings about new questions.

We asked healthcare risk management and compliance expert, Linda Harvey, RDH, to share her expertise in assuring the teledentistry technology you choose for your practice is compliant with the Health Insurance Portability and Accountability Act (HIPAA) rules and keeps the privacy and security of your patients intact. The following is what she shared with us.

Ask the expert: Privacy and security in teledentistry

Evolving health technologies offer innovative solutions for expanding patient care beyond the confines of a dental office. Typically, teledentistry options fall into one of two categories: synchronous (real-time) and asynchronous (not simultaneous or concurrent). Regardless of your chosen technology, maintaining the privacy and security of patient information is required both by the provider and the teledentistry service.

Maintaining the privacy and security of patient information largely falls under the HIPAA Privacy and Security Rules, as well as applicable state laws. The Privacy and Security Rules regulate protections for patients’ identifiable health information when it is collected and shared by covered entities. The Privacy Rule establishes limits on the use and disclosure of identifiable information: who you can and cannot share data with unless you have the patient’s written authorization. Covered entities are permitted to share patient data for treatment, payment, and operations, which includes the provision of teledentistry services.

The Security Rule establishes administrative, technical and physical safeguards for electronic identifiable health information. The Security Rule requires that data at rest, in use and in transit be secured, i.e. encrypted. Safeguarding patient data is an ever-growing challenge for covered entities and business associates alike due to the explosion of cyber threats, including ransomware and other types of hacking.

The Health Information Technology for Economic and Clinical Health Act (HITECH) extended specific HIPAA compliance requirements to business associates (BAs). The HITECH Act defined BAs as any entity (e.g. company or individual) that creates, receives, maintains, or transmits identifiable health information on behalf of a covered entity. This includes teledentistry providers as well as IT vendors, collection agencies, clearinghouses and third-party billing or accrediting agencies—to name a few.

Compliance requirements for teledentistry

Bearing in mind the HIPAA and HITECH Act regulatory requirements, it’s important to select a teledentistry partner that is HIPAA compliant. Some of the expected compliance requirements for your teledentistry partner include:

• Signing a Business Associate Agreement
• Conducting a Security Risk Analysis—ideally yearly, considering rapid technology changes
• Training their team members and providing periodic security awareness updates
• Maintaining and regularly updating their written security policies including an Incident Response Plan and Contingency Plan

As you step into the teledentistry era, it’s important to instill patient trust and willingness to adopt and use your system by proactively selecting HIPAA compliant teledentistry partners.

– – –

About the author

Nationally recognized healthcare risk management and compliance expert, Linda Harvey, RDH, assists dentists and teams to navigate regulatory requirements. She is the founder and President of two compliance-related companies.

In her programs, Linda draws from real-world experience, having worked with offices that have undergone HIPAA, OSHA and Infection Control audits. Linda’s program will challenge you to look at your compliance programs from a different perspective, particularly amid the COVID-19 crisis.

Want to print this story? Download the image-free PDF.

About Post Author

Linda Harvey

As a nationally recognized healthcare risk manager and compliance expert, Linda Harvey teaches dentists and teams how to effectively integrate regulatory compliance into their practices. Linda draws from real-world experience, having worked with clients who have undergone HIPAA, OSHA and Dental Board audits. <a href="http://www.lindaharvey.net/">Linda speaks and consults</a> in the areas of risk management, regulatory compliance, remediation courses and dental record audits. In addition to active membership in the National Speakers Association, Academy of Dental Management Consultants and American Society of Healthcare Risk Management, Linda is also a Distinguished Fellow in the American Society of Healthcare Risk Management.