Dentistry has been one of those niche industries that until recent years, didn’t have as much scrutiny on compliance. With the emergence of advanced dental technologies, the need for modernizing the IT infrastructure has become a key challenge for many practices. Title II of the 1996 Health Insurance Portability and Accountability Act (HIPAA) has had broad implications in health care, including dentistry. It required the creation and enforcement of multiple regulations for various purposes. Among dentists, the best known of these regulations is the HIPAA Privacy Rule, which had an initial compliance date of April 14, 2003. In addition to the Privacy Rule, there is a HIPAA Security Rule (initial compliance date April 20, 2005) and the HITECH Breach Notification Rule (initial compliance date February 22, 2010).

Department of Health and Human Services Office of Civil Rights (OCR) as the agency rolled out Phase 2 of its HIPAA Audit Program. One email asked covered entities to confirm contact information, then, if information was confirmed, covered entities received a questionnaire and were given 30 days to complete it. The number of emails sent was larger than originally anticipated since OCR had previously announced the number of audits they expected to conduct in Phase 2. Now, it appears OCR will move forward with full implementation of its audit program in 2017.

From the returned questionnaires, OCR will randomly choose approximately 200 covered entities to undergo a desk audit. Following the desk audits, an unknown number of business associates identified through the questionnaire also will go through desk audits and other covered entities, plus a few covered entities who completed desk audits, will have on-site audits. All desk audits are expected to be completed by the end of this year. It is likely that some on-site audits will continue into 2017. This is the entirety of Phase 2.

Following Phase 2 is the launch of the full audit program. The audit program was authorized with passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009. It is to be an ongoing program to help OCR assess HIPAA compliance efforts and discover privacy and security risks and vulnerabilities that previous complaint investigations and compliance reviews have not revealed. OCR intends to identify best practices and will provide guidance in areas where covered entities and business associates face compliance challenges. An audit is not an investigation and the assessment of fines and penalties is not part of the audit program. However, if warranted, auditors may recommend investigation of covered entities and business associates.

The audit program focuses on compliance with the HIPAA Privacy, Security and Breach Notification rules. Covered entities selected for a desk audit will be asked to submit specific documentation via a secure web portal. Dental practices should ensure a security risk analysis has been conducted and that required policies and procedures are in place. For example, a dental practice should ensure its Notice of Privacy Practices is dated no earlier than Sept. 23, 2013, when HIPAA amendments became effective, and that it is posted on the practice website. A covered entity selected for a desk audit will have 10 days to submit requested documentation to OCR.

These growing regulatory requirements are forcing many dental practices to re-evaluate how they look at their business computing infrastructure. For example, most practices still have aging pedestal servers that house critical medical records systems and PC’s across their practices. In contrast, most human health institutions eliminated PC’s years ago and with it, all the many security and management nightmare
With the niche requirements from medical records vendors to only support IT solutions that by modern standards, are considered antiquated, Dental practices find themselves almost stuck between increasing risk of compliance violations/data breaches and having limited IT options – until now.We are excited to unveil the industry-first Dental IT platform that can transform how business computing is done. Key benefits include:

  • Significantly reduce risk and exposure
  • Eliminate need to ever buy and own another depreciating server
  • Achieve world-class redundancy, speed and security at a fixed-cost
  • Shift IT spending from CAPEX to OPEX.
  • Reduce cost while increasing stability and security.

Contact us today for a consultation and transform your dental practice!

what our clients are saying