Dentistry has been one of those niche industries that until recent years, didn’t have as much scrutiny on compliance. With the emergence of advanced dental technologies, the need for modernizing the IT infrastructure has become a key challenge for many practices. Title II of the 1996 Health Insurance Portability and Accountability Act (HIPAA) has had broad implications in health care, including dentistry. It required the creation and enforcement of multiple regulations for various purposes. Among dentists, the best known of these regulations is the HIPAA Privacy Rule, which had an initial compliance date of April 14, 2003. In addition to the Privacy Rule, there is a HIPAA Security Rule (initial compliance date April 20, 2005) and the HITECH Breach Notification Rule (initial compliance date February 22, 2010).
Department of Health and Human Services Office of Civil Rights (OCR) as the agency rolled out Phase 2 of its HIPAA Audit Program. One email asked covered entities to confirm contact information, then, if information was confirmed, covered entities received a questionnaire and were given 30 days to complete it. The number of emails sent was larger than originally anticipated since OCR had previously announced the number of audits they expected to conduct in Phase 2. Now, it appears OCR will move forward with full implementation of its audit program in 2017.