New privacy practice notices required
October 21, 2013
By Craig Palmer, ADA News staff
Washington—Model Notices of Privacy Practices are available from the U.S. Office for Civil Rights for use by HIPAA-covered health care providers and health plans. Most covered entity dental practices must provide notices explaining how the practice may use and disclose patient information and some of the rights patients have to control their information.
The updated ADA Practical Guide to HIPAA Compliance Privacy and Security Kit explains the Notice of Privacy Practices requirement and other changes under the Health Insurance Portability and Accountability Act omnibus final rule issued Jan. 17, 2013, and effective March 26 for compliance by Sept. 23, 2013.
The Association offers as examples of changes to existing HIPAA compliance programs required by the omnibus final rule and covered in the ADA HIPAA manual:
- New requirements for the Notice of Privacy Practices;
- Business associate agreements must be revised to include new provisions;
- A “compromise standard” replaces the “harm standard” under the breach notification rule;
- New rules on the sale of protected health information, marketing communications and fundraising;
- A new patient right to restrict disclosure to a health plan when the dental practice has been paid in full;
- Expanded rights of patients to receive electronic copies of their electronic protected health information;
- New rules on the disclosure of protected health information of decedents;
- Expanded definition of “business associate”;
- New compliance obligations for business associates and subcontractors; and
- An expanded definition of protected health information to include genetic information.
A dental practice is covered by HIPAA if it sends a “covered transaction” in electronic form, such as submitting a claim to a dental plan, or if another party, such as a clearinghouse, sends an electronic covered transaction on behalf of the dental practice.
Other examples of covered transactions and information about covered entities are available from the Centers for Medicare & Medicaid Services at hhs.gov.
The HIPAA privacy rule gives individuals a right to be informed of the privacy practices of health care providers and health plans.
The U.S. Department of Health and Human Services Office of the National Coordinator for Health Information Technology and Office for Civil Rights Sept. 16 released model Notices of Privacy Practices for covered entity health care providers and health plans to use to communicate with their patients and plan members. Three privacy notice options customizable by users and a text-only version are available from the Office for Civil Rights at hhs.gov.
The ADA Complete HIPAA Compliance Kit (J598) describes changes under the HIPAA omnibus final rule and offers tools to help dentists design and implement a comprehensive HIPAA compliance program. To purchase the kit visit adacatalog.org or call the ADA member service center at 800.947.4746.