Printable format	E-mail article:	Search news:

By Arlene Furlong

Washington—The U.S. Office of Civil Rights now has the authority to issue subpoenas in investigations of alleged violations of the HIPAA Privacy Rule.

News that the secretary of Health and Human Services delegated the enforcement procedure was published in the April 16 Federal Register.

The notice came four years to the month since compliance with the HIPAA Privacy Rule—under the Health Insurance Portability and Accountability Act of 1996—became mandatory for covered entities on April 14, 2003. The rule created federal rights and requirements to protect the privacy of personal health information, such as patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.

It covers health plans, health care clearinghouses and health care providers who conduct HIPAA standard financial and administrative transactions electronically.

Any dentist who transmits protected health information electronically using HIPAA standard transactions, or has someone do it on his or her behalf, must comply with the HIPAA privacy rule. The most common HIPAA standard electronic transactions used by dentists are electronic claims and eligibility inquiries. Others include electronic remittance advice and claims status inquiries.

"This should be a reminder to all of us to review our office policies and practices as they relate to patient privacy," Dr. Thomas Schripsema, vice chair of the ADA Council on Dental Benefit Programs, said about OCR's new authority to subpoena. "It's obvious that HHS takes privacy seriously, and with this action, it is apparent they intend to enforce it."

Dentists who don't comply risk an investigation of patient complaints that could lead to civil or criminal penalties. As of press time, the ADA Legal Division was unaware of any dentists under investigation. However, if a complaint is investigated, the ADA advises members to cooperate with the OCR. The ADA Department of Dental Informatics has learned complaints to OCR that arise about HIPAA compliance are often due to patients' misunderstanding of the rule.

Dr. Schripsema thinks privacy is going to become of greater importance to everyone as the nation moves closer to a comprehensive electronic health record for each individual. "Whether an office is doing everything electronically or not, good privacy practices will help satisfy patient concerns and prevent future compliance issues," he says.

Jean Narcisi, director of the ADA Department of Dental Informatics, says dentists have a strong tradition of safeguarding private health information.

"However, in today's world, the old system of paper records in locked filing cabinets is not enough," Ms. Narcisi advises. "With information broadly held and transmitted electronically, the privacy rule provides clear standards for the protection of personal health information."

The ADA is committed to keeping members up to date on HIPAA issues through articles in the ADA News and online at ADA.org. A wealth of HIPAA privacy information is available online at www.ADA.org/goto/HIPAA.

The ADA Department of Dental Informatics answers specific questions and concerns members' offices have about HIPAA issues. Members may call directly, Ext. 4608.

The ADA HIPAA Privacy Kit addresses dental office issues by summarizing the regulatory requirements and outlining specific steps dental offices should take to comply. It also includes a CD-ROM with everything that is in the manual. Kits cost $125. To order the kit, call 1-800-947-4746 or go to www.adacatalog.org.