Why Dentists Should Pay Attention to the HIPAA Privacy Rule Changes

On May 11, 2021, the American Dental Association (ADA) filed public comments regarding Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule modifications to the U.S. Department of Health and Human Services’ Office for Civil Rights. The changes run the gamut of issues, but how much of it actually applies to dental practices? We’ve dissected the ADA’s comments into the need-to-know facts. 

Consideration of provider burden

“Some of the proposed changes could inconvenience patients, take time away from patient care, disrupt schedules, or overburden dental offices,” ADA President Daniel J. Klemmedson, D.D.S., M.D., and Executive Director Kathleen T. O’Loughlin, D.M.D., said in their letter. Covered providers will, in particular, be affected by the proposed 15-day timeframe for responding to requests for access; the proposal to permit patients to access, copy, and photograph their protected health information at the time of their appointments; and the development of fee schedules for providing copies of the information and post such schedules on their websites. This might require some practices to hire additional staff, and since HIPAA compliant activities are not reimbursable, it would force dentists to increase costs for patients.

Request for delayed enforcement

For these reasons, the ADA is asking for no less than 365 days to make appropriate revisions, implement changes, and train workforce members on the changes that need to take place within the office. “Many covered entities rely on outside individuals and entities, including the ADA and its endorsed vendors as well as law firms and consultants, to inform, advise, and support their HIPAA compliance due (to) the law’s complexity; thus, it may best serve compliance if these covered entities wait until these individuals and entities analyze rule changes, update their information, resources, and products, and provide support to the covered entities as appropriate,” the letter goes on to state, noting revising Notices of Privacy Practices and HIPAA privacy policies and procedures, implementation of new workflows, and training.

Access options and fees

“Attempting to navigate this complicated mix of regulatory options and obligations will result in burdens for patients and for covered entities, particularly covered entities that are small businesses,” the letter states, breaking down the new definitions of electronic health records and personal health applications. “The time and money that would be required to revise dental practice policies and procedures, train staff, and administer the proposed changes in compliance with HIPAA would be better spent on providing and improving patient care in the dental operatory and service in the dental practice business office.” The ADA stresses that dental practices now dealing with the backlog of delayed care from the COVID-19 pandemic.

Cost-benefit analysis

“While the change might result in some cost savings over time, the compliance burden (such as revising policies and procedures, retraining staff, revising the Notice of Privacy Practices, developing and posting fee schedules, and complying with burdensome and time consuming requests to inspect and record PHI at appointment time) will fall disproportionately on small entities, which lack the in-house legal, administrative, and technical personnel and expertise of large covered entities,” the letter states. “Small covered entities, such as solo and small group dental practices, are more likely to lack inhouse capabilities to manage the changes, and are more likely to need to hire consultants to assist with the changes and staff to manage them.”

What’s next?

Contact the experts at Professional Transition Strategies for more guidance on how to navigate the ever-changing tide of the dental industry.