Skip to main content
Toggle Menu of ADA WebSites
ADA Websites
Commissions
Toggle Search Area
Toggle Menu
e-mail Print Share

ADA comments on HIPAA Privacy Rule

Association calls proposed changes overly burdensome, seeks more time for implementation

May 11, 2021

By Kimber Solana

Washington — The ADA is asking the U.S. Department of Health and Human Services Office for Civil Rights to consider the burdens changes to the HIPAA privacy rule will impose on covered providers, including dentists.
   
The request was part of the Association’s formal comments to OCR in response to the agency’s Notice of Proposed Rulemaking on modifications to the Health Insurance Portability and Accountability Act Privacy Rule.
   
“Some of the proposed changes could inconvenience patients, take time away from patient care, disrupt schedules, or overburden dental offices,” ADA President Daniel J. Klemmedson, D.D.S., M.D., and Executive Director Kathleen T. O’Loughlin, D.M.D., said in their letter.  
   
These proposed changes include a 15-day timeframe for responding to requests for access; a proposal to permit patients to access, copy and photograph their protected health information at the time of their appointments; and a proposed requirement that covered providers develop fee schedules for providing copies of protected health information. Covered entities with websites would be required to post such schedules on their websites.
   
According to the Association, the extensive proposed changes would be overly burdensome for covered providers at any time, but particularly now when patients and dentists are still dealing with the COVID-19 public health emergency.
   
“Some of the covered dental practices may need to hire additional staff to support such activities,” Drs. Klemmedson and O’Loughlin wrote. “Since HIPAA compliance activities are unreimbursed, the cost would be borne by the dental practice and could lead to higher costs for patients.”
   
The Association also urged that dental providers be given ample time, no less than 365 days, to make appropriate revisions, implement changes, and train workforce members. Currently, the proposed effective date is 60 days after publication of the final rule, and the compliance date is 180 days after the effective date. According to the Association, these timeframes are unlikely to provide covered entities, particularly small businesses, sufficient time to come into compliance with the extensive changes proposed in the notice of proposed rulemaking.
   
“The ADA urges OCR to make no changes to the HIPAA Privacy Rule access provisions until such time as large and small dental practices will not struggle to find the time and staff resources to understand the changes and develop and implement modifications to the dental practice’s HIPAA policies and procedures,” Drs. Klemmedson and O’Loughlin wrote.
   
The ADA supported several of OCR’s proposals on the Privacy Rule, including those relating to care coordination and case management, as well as the elimination of the requirement that dental offices obtain a written acknowledgement of receipt of the Notice of Privacy Practices.

Follow all of the ADA’s advocacy efforts at ADA.org/Advocacy.