A Dentist’s Guide to the Law

Learn about laws that may affect your dental practice.

Legal Requirements That Every Dentist Should Understand

Knowing the laws that govern dental practice can help you avoid costly, time-consuming legal challenges. Below you will find key points from the ADA publication, A Dentist’s Guide to the Law: 246 Things Every Dentist Should Know.

About the Guide

This newly revised publication from the ADA Division of Legal Affairs is a practical resource to address the wide array of legal issues relevant to you, your team and your practice. A Dentist’s Guide to the Law: 246 Things Every Dentist Should Know, Fourth Edition, includes both new and longstanding questions and answers in a user-friendly format with additional related references and resources in each chapter.

The guide addresses key questions such as:

  • What are the advantages and disadvantages of a sole proprietorship?
  • What does the Americans with Disabilities Act require for office design?
  • Are there legal issues in making the transition to a paperless office?
  • Can I require that job applicants take a drug test?
  • What legal limits are there on advertising my practice?
  • What are "biometrics" and how might they affect healthcare providers?
  • Can I charge interest on overdue amounts?
  • How often should patients be asked to update their health history forms?

This fourth edition contains updated information on many legal topics, such as the various regulations relating to HIPAA, the Sunshine Act, the Payment Card Industry Data Security Standard (PCI DSS), and the federal Anti-Kickback Statute and Self-Referral (Stark) Law. It also includes new material on issues such as emergency preparedness, biometrics and ransomware. Sample contracts, checklists and other helpful supplementary materials are included in the appendices. Use this book to help you better understand the legal issues you may face, how to avoid certain legal problems and the kinds of questions you should ask your own attorney if a legal problem arises.

We’ve included relevant portions of the guide below. The full guide is available from the ADA Store.

Laws That May Affect Your Practice

The Age Discrimination in Employment Act

The Age Discrimination in Employment Act (ADEA) prohibits organizations with 20 or more employees from discriminating against workers or job applicants who are 40 years of age or older. Some states also have age discrimination laws that may apply to employers with fewer employees or different age classifications.

The Americans with Disabilities Act

The Americans with Disabilities Act is a federal law that protects individuals with disabilities in places of public accommodation (such as a dental office), as well as certain employees with disabilities. State or local laws may also apply. In the dental office, the public accommodation provision of this federal law prohibits discrimination against members of the public, such as patients and their family members, who have “disabilities.” The employment provision of the Act prohibits employers with 15 or more employees from discriminating against “qualified people with disabilities.” States and local jurisdictions may enact disability discrimination laws that apply to employers with fewer than 15 employees. State and local laws may also give employees and members of the public more rights than the Act.

Public accommodations

As places of public accommodation, dental practices must take certain steps to provide accessibility to disabled individuals. For example, the dental office may need to provide ramps, elevators, and other specific structural changes to accommodate wheelchairs. For more information see U.S. Department of Justice, ADA Update: A Primer for Small Business.

Effective communication

The Americans with Disabilities Act also requires dental practices to communicate effectively with individuals with disabilities. For example, in certain circumstances, a dental practice may have to provide a sign language interpreter or other auxiliary aid or service to a member of the public who is deaf. For more information about effective communications under the Act, see the Department of Justice publication, Effective Communication.

Service animals

A dental practice may also be required under the AwDA to permit a disabled individual to be accompanied by a service animal. Only dogs and miniature horses can qualify as service animals under the Americans with Disabilities Act, although state or local law may permit other kinds of animals to qualify. For information about when a dog or miniature horse qualifies as a service animal under the Act, and the questions the Act permits a dental practice to ask an individual who wishes to be accompanied by a service animal, see the Department of Justice publication, Service Animals.

Mobility devices

A dental practice may be required by the Act to allow an individual to use a manual or power mobility device in the dental office. Mobility devices may include walkers, wheelchairs, electric scooters and devices such as Segways. A dental practice must allow a disabled individual who uses a power-driven mobility device to use the device in the dental office unless the device cannot be accommodated because of legitimate safety requirements. If legitimate safety requirements bar accommodation for a particular type of device, the dental practice must provide the service it offers in alternate ways, if possible. See the Department of Justice publication, Wheelchairs, Mobility Aids, and Other Power-Driven Mobility Devices.

Website accessibility

The U.S. Department of Justice (DOJ) has applied the Americans with Disabilities Act in situations where a public accommodation’s website is allegedly inaccessible to individuals with disabilities. The DOJ has not yet issued final standards or guidelines for website accessibility. However, in several cases, the DOJ has reached settlement agreements in which public accommodations have agreed to ensure that their websites conform to the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG) 2.0 level AA. Appendix 17: Sample Website Development Agreement includes a provision requiring the website designer to represent and warrant that all deliverables will conform to WCAG 2.0 Level AA. For more information about the W3C, visit the W3C website. WCAG 2.0 can be found here.

Direct threat

The Americans with Disabilities Act generally permits the exclusion of individuals who pose a “direct threat” to others. A direct threat is defined as “a significant risk to the health or safety of others that cannot be eliminated by reasonable accommodation.” A direct threat of substantial harm must be established through objective and medically supportable methods, not based on generalizations or stereotypes.


Under the employment provision of the Act, an employee of a dental office with 15 or more employees cannot be disqualified from a position based on a disability (for example, using a wheelchair) as long as the employee can perform the job duties with or without reasonable accommodations. The Act may require the employer to provide time off, restructure the job, change work schedules, provide equipment, or make structural changes to the office so an employee with a known disability can perform the job, as long as making the accommodations would not impose an undue hardship on the employer’s business. Employers with fewer than 15 employees may have similar obligations under state or local law.

Definition of “disability”

An individual has a “disability” and is protected by the Americans with Disabilities Act (1) if he or she has a physical or mental impairment that substantially limits one or more major life activities, (2) if he or she has a record of such an impairment, or (3) is regarded as having such an impairment. A person is also protected against discrimination if he or she has a known association or relationship with an individual with a disability.

There are no per se disabilities under the Act; each case must be assessed on an individualized basis.

Employment discrimination

For purposes of employment discrimination, the U.S. Equal Employment Opportunity Commission (EEOC) has stated that certain impairments will consistently meet the definition of disability and refers to the proposed regulations in identifying the following examples (not an exhaustive list): “deafness, blindness, intellectual disability (formerly known as mental retardation), partially or completely missing limbs, mobility impairments requiring use of a wheelchair . . . autism, cancer, cerebral palsy, diabetes, epilepsy, HIV/AIDS, multiple sclerosis, muscular dystrophy, major depression, bipolar disorder, post-traumatic stress disorder, obsessive-compulsive disorder, and schizophrenia. Other impairments may be substantially limiting for some but not for others, including asthma, back and leg impairments, and learning disabilities.”

The term “impairment” covers physiological and mental or psychological conditions. A physiological impairment is a condition or disorder, an anatomical loss affecting any of the major body systems, or a cosmetic disfigurement. A psychological impairment includes emotional or mental illness, learning disabilities, and disorders such as intellectual disability.

The following are examples of abilities and activities that fall within the definition of major life activity: ”caring for oneself, performing manual tasks, seeing, hearing, eating, sleeping, walking, standing, sitting, reaching, lifting, bending, speaking, breathing, learning, reading, concentrating, thinking, communicating, interacting with others, and working.”

Major life activities also include the operation of “major bodily functions” such as “functions of the immune system, special sense organs and skin, normal cell growth, digestive, genitourinary, bowel, bladder, neurological, brain, respiratory, circulatory, cardiovascular, endocrine, hemic, lymphatic, musculoskeletal, and reproductive functions. Although not specifically stated in the NPRM, the final regulations state that major bodily functions include the operation of an individual organ within a body system (e.g., the operation of the kidney, liver, or pancreas).”¹

The positive effects of “mitigating measures” (other than ordinary contact lenses or eyeglasses) must be ignored in determining whether an impairment substantially limits a major life activity. However, the negative effects of a mitigating measure can be considered in determining whether a person has a disability (for example, side effects of medication). Examples of such mitigating measures may include, for example, “medication, medical equipment and devices, prosthetic limbs, low vision devices (e.g., devices that magnify a visual image [but not ordinary eyeglasses or contact lenses]), hearing aids, mobility devices, oxygen therapy equipment, use of assistive technology, reasonable accommodations, and learned behavioral or adaptive neurological modifications…[as well as] psychotherapy, behavioral therapy, and physical therapy…”¹

The fact that a mitigating measure eliminates or reduces an impairment cannot be taken into account in determining whether an individual has a disability. However, the positive and negative effects of mitigating measures can be considered when assessing whether a person with a disability is entitled to reasonable accommodations or poses a direct threat.

An individual with an impairment that is episodic or in remission is considered disabled if the impairment would substantially limit a major life activity when active. Examples include epilepsy, hypertension, asthma, diabetes, major depressive disorder, bipolar disorder, and schizophrenia.

Disability does not include transvestism, transsexualism, pedophilia, exhibitionism, voyeurism, gender identity disorders not resulting from physical impairments, or other sexual behavior disorders; compulsive gambling, kleptomania, or pyromania; or psychoactive substance use disorders resulting from current illegal use of drugs (29 CFR§1630.3(d), available from the U.S. Government Publishing Office.

Where to find more information

For more information on the Americans with Disabilities Act, see the Department of Justice publication, Americans with Disabilities Act Questions and Answers. You may also consult the U.S. Equal Employment Opportunity Commission publication, Questions and Answers on the Final Rule Implementing the ADA Amendments Act of 2008.

At-Will Employment

An “at-will” employment arrangement simply means that the employer and the employee work at the “will” of the other. With this type of arrangement, the employer can terminate the employee at any time for any reason and the employee can quit at any time. You are allowed in most states to fire an at-will employee for any reason or for no reason at all (but not for a wrongful reason such as discrimination or retaliation). In lay terms, it means that either the employer or the employee is free to end the work relationship. However, not all employment relationships are at-will. Sometimes a written or oral contract (or even an implied contract) can exist that imposes restrictions on the employer’s right to terminate the relationship. Moreover, some states put restrictions on the at-will doctrine. Consult your attorney regarding individual state law.

Title VII of the Civil Rights Act of 1964

It is illegal to discriminate against or harass an individual because of race, color, religion, national origin, gender, or pregnancy, according to Title VII of the Civil Rights Act of 1964. This act applies to dental offices with 20 or more employees. It protects the employees of a dental office from discrimination in the terms and conditions of their employment.

Employees in a dental office may be more vulnerable to discrimination or harassment than in other work settings because they usually report to one person: the dentist. In addition there are frequently no strict guidelines for hiring, promoting, and rewarding employees in a small business as there are for large organizations.

Examples of discrimination in the dental office can include unfair denial of a job, not getting equal pay, denial of a deserved promotion, or termination, when caused in whole or part by unlawful consideration of the employee’s status as a member of a class of persons protected by the law. Employees who feel discriminated against may contact the Equal Employment Opportunity Commission to voice a complaint. They may also file a complaint charge at the state level.

Harassment is simply a form of prohibited discrimination under Title VII and similar state and local laws. Under these laws, all employers are expected to provide their employees with a harassment-free work environment. Keep in mind that harassment includes sexual harassment as well as verbal or physical conduct that denigrates or shows hostility or aversion to an individual on the basis of race, color, religion, gender, national origin, age, disability, sexual orientation, marital status, pregnancy, and any additional protected categories under federal or applicable state or local law. This conduct has the purpose or effect of creating a hostile work environment, or unreasonably interferes with an individual’s work performance opportunities. Today, prudent employers have policies in place that address all types of harassment.

Sexual harassment is one form of prohibited discrimination, and one of the most commonly claimed forms of prohibited discriminatory harassment. Your staff members work in close contact with patients during dental treatment, and while performing other tasks as well. Unfortunately, inappropriate advances and behavior can take place in these situations. As a result, dentists should always be vigilant in dealing with all forms of sexual harassment.

The following is the United States Equal Employment Opportunity Commission (EEOC)’s basic definition of sexual harassment:

Unwelcome sexual advances, requests for sexual favors, and other verbal or physical conduct of a sexual nature constitutes sexual harassment when submission to or rejection of this conduct explicitly or implicitly affects an individual’s employment, unreasonably interferes with an individual’s work performance, or creates an intimidating, hostile, or offensive work environment.

According to the U.S. Supreme Court and the Equal Opportunity Commission’s Guidelines on Discrimination Based on Sex, employers can be held liable for sexual harassment of employees by non-employees. This means that once an employee reports non-employee harassment, a prompt investigation is advisable.

When a report of harassment is received, the dentist, or management, should promptly conduct a thorough investigation. It may be necessary to confront the alleged harasser and demand that the offending behavior stop, to suspend any contact between the alleged harasser and the employee, to issue a written warning, or to terminate the employer’s relationship with the non-employee. However, dentists will want to avoid any claims of patient abandonment and should consult the state dental practice act before terminating a relationship with a patient.

Dentists should also maintain written records of any investigations and the actions taken, in case this information is required to defend against any lawsuit an aggrieved employee might file.

Dentists should consult with their qualified attorneys regarding this issue, as well as to receive guidance as to how to write a dental office anti-harassment policy that complies with applicable law.

Guidelines for developing an anti-harassment policy

Dentists should establish effective and ongoing anti-harassment policies and procedures in the dental office. The policy should cover all forms of harassment. The U.S. Equal Employment Opportunity Commission (EEOC) encourages employers to prevent and correct harassment in the workplace by:

  • Clearly communicating to employees that unwelcome harassing conduct will not be tolerated
  • Establishing an effective complaint or grievance process
  • Providing anti-harassment training to managers and employees
  • Taking immediate and appropriate action when an employee complains
  • Creating an environment in which employees feel free to raise concerns and are confident that those concerns will be addressed

EEOC encourages employees to inform a harasser directly that the conduct is unwelcome and must stop, and to report harassment to management at an early stage to prevent its escalation.

Employer policies prohibiting harassment frequently include the following provisions:

  • A definition of harassment, with examples (the policy’s definition of harassment should meet or exceed the legal standard and make it clear that harassment that meets the definition will not be tolerated)
  • The employee’s responsibility to report incidents of harassment as soon as possible
  • An effective procedure for reporting, investigating, correcting, and preventing harassment
  • Protection for the privacy and confidentiality of all allegations and investigations (however, employers should not promise absolute confidentiality)
  • Disciplinary action, up to and including discharge, for violation of the policy
  • A prohibition against retaliation against an employee for making a bona fide complaint under the policy
  • Training (and periodic retraining) for all employees, who receive copies of the policy and any updates
  • An acknowledgement to be signed by each employee stating that the employee received and understands the policy and procedures

Harassment by non-employees

Dentists should clearly communicate to employees and non-employees that all forms of harassment will not be tolerated. For example, anti-harassment policies can be posted in an area where employees – as well as non-employees – can see them.

Offensive materials

Be sure all areas of your dental office, including your employee’s break area, are free of materials that could possibly offend others. For example, items such as illustrations or cartoons that address issues such as religion and sexuality could be considered offensive to some, and therefore promote a hostile work environment.

COBRA Benefits

A dental practice is subject to the Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA) if it employs 20 or more employees.

COBRA requires employers to offer certain individuals who lose benefit protection the option of purchasing a temporary extension of their group health care plan coverage. The 2009 economic stimulus act (the American Recovery and Reinvestment Act or ARRA) made changes to the COBRA coverage continuation provisions. Dentists who are subject to COBRA should become familiar with the changes to the law and COBRA’s new notice provisions.

The Employee Retirement Income Security Act (ERISA)

As an employer, if you offer to your employees a retirement plan or a health benefit plan, you may be subject to certain requirements under the Employee Retirement Income Security Act (ERISA).

Generally, your insurance company will take care of your ERISA obligations. However, you should be familiar with this law to make sure your insurance company is acting in compliance with ERISA’s requirements.

The Equal Pay Act

The Equal Pay Act is a part of the federal wage and hour laws. In general, it states that two employees of different genders who do the same work must receive the same amount of pay. Exceptions include seniority and merit systems. An employer who is in violation of the Equal Pay Act may not reduce an employee’s wages in order to comply.

The Equal Pay Act only applies to pay differences between men and women. Other federal laws that protect employees from pay inequities based on color, race, national origin, age, disability, or religion include Title VII of the Civil Rights Act of 1964, the Age Discrimination in Employment Act (ADEA), and the Americans with Disabilities Act (AwDA).

The Fair Credit Reporting Act (FCRA)

In basic terms, the Fair Credit Reporting Act (FCRA) is a law designed to make sure all information reported by a consumer report agency (CRA) is fair and accurate. CRAs are mainly credit bureaus that gather and sell information, such as bill-paying and bankruptcy details, to creditors, employers, and other organizations. This law comes into effect if you use a third-party for reference and credit checks on job candidates. For more information about the FCRA, visit the Federal Trade Commission website.

The Family and Medical Leave Act (FMLA)

The federal Family and Medical Leave Act (FMLA) requires employers of 50 or more workers to provide employees who have worked for them for at least one year with up to 12 weeks of unpaid job-protected leave a year for family emergencies, including the birth, adoption, or foster placement of a child, and serious illness of the employee or a member of the employee’s immediate family. An employee who is on active military duty (or who is the spouse, parent, or child of an individual on active military duty) is entitled to 12 weeks of job-protected leave to attend certain service-related functions such as military events, and may be entitled to a total of 26 weeks unpaid leave if a family service member is injured or falls ill in the line of duty.

Although the federal FMLA applies to businesses with 50 or more employees, some states have enacted family and medical leave laws applicable to employers with fewer than 50 employees. Carefully review applicable laws with your attorney. Employers who are not large enough to be required to provide medical or family leave under a state law may choose to implement policies for sick leave, vacation, or personal days that would apply to these situations.

The Federal Insurance Contributions Act (FICA)

This federal law requires you to withhold two taxes – Social Security tax and Medicare tax – from the wages you pay your employees, up to a certain annual limit.

The Federal Unemployment Tax (FUTA)

The Federal Unemployment Tax (FUTA) requires employers to pay this tax based on the wages of their employees. Businesses pay this tax out of their own pocket; it is not withheld from employee paychecks.

The Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is a federal law that affects the privacy and security of patient information. HIPAA applies to dental practices that are “covered entities” under HIPAA – generally because they transmit patient health information electronically, such as by submitting electronic claims to an insurance company, or because patient health information is transmitted electronically on their behalf (for example, by a billing service).

HIPAA requires covered dental practices to take certain steps to safeguard the privacy and security of patients’ “protected health information” (“PHI”) and gives patients certain rights concerning their health information. Staff must be trained in the written HIPAA policies and practices adopted by the dental office and training must be documented. Covered dental practices must retain documentation of their HIPAA compliance for at least six years from the date the document was created, or at least six years from the date the document was last in effect, whichever is later. The U.S. Department of Health and Human Services Office for Civil Rights, which is the federal agency that enforces HIPAA, can require a covered dental practice to produce documentation of HIPAA compliance in the course of an investigation or compliance review.

Dental practices that are not covered by HIPAA must comply with applicable state laws governing the privacy and security of patient information. HIPAA covered dental practices must comply with both HIPAA and with any applicable state law requirements that are either not contrary to HIPAA, or that are contrary to but more stringent than HIPAA.

The National Labor Relations Act (NLRA)

The National Labor Relations Act contains provisions relating not only to unionized employee workplaces but also to non-unionized workplaces. Specifically, the NLRA affords unionized and non-unionized employees alike the right to discuss amongst themselves any matter affecting the “terms and conditions of employment,” such as pay, work hours, discipline, and any other matters affecting their work. Accordingly, employers cannot take disciplinary action against employees because they exercised their rights under the NLRA, and cannot maintain policies that limit employee rights in this regard. This means, for example, that employers cannot have a policy that prohibits employees from sharing their compensation rates with each other and that employers cannot take disciplinary action against an employee for doing so.

Recently, the National Labor Relations Board has focused on employee discussions taking place on social media platforms such as Facebook and Twitter, and has made clear that employee communications taking place off-hours on personal computers and mobile phones about terms and conditions of employment are also protected under the Act. Protected activity can even include making disparaging remarks about the practice, supervisors and even co-employees, as long as it can be interpreted as relating to terms and conditions of employment and is not grossly offensive or threatening.

Negligent Hiring and Retention

The nature of contact between health care providers (including dental professionals and their employees) and the public is often more “physical” than in the general workforce. In addition, patients often see health care providers under circumstances that may put the patient in a “vulnerable” position.

Because of this, a dentist must protect his or her patients by hiring suitable employees with good work histories. Checking the background of job applicants can provide helpful information. For example, it would be hard for a dentist to argue that the risk of harm was unforeseeable if an employee’s bad track record would have been revealed by a background check.

Under a “negligent hiring” claim, an employer can be held liable for an employee who commits wrongdoing on the job, or who injures someone. The “negligent hiring” concept has two components:

  1. Negligent hiring: an employer’s failure to discover a job applicant’s incompetence or unfitness by checking references and criminal backgrounds
  2. Negligent retention: an employer’s failure to take any corrective action with respect to a current employee, such as discharge or retraining, to correct a known problem

To help protect your practice against a claim based on negligent hiring you can:

  • Use job application forms that meet federal, state, and local employment laws
  • Request copies of an applicant’s professional licenses, certifications, and degrees
  • Obtain consent from applicants for background checks and to contact former employers and educational institutions
  • Always check employment references
  • Make notes of former employers who refuse to release information on an applicant
  • Use the job interview to clarify “gaps” in the resumé or application
  • Document all inquiries and actions taken during the background and interview process
The Occupational Safety and Health Act (OSHA)

The Occupational Safety and Health Act (OSHA) imposes a general duty on employers to maintain a hazard-free workplace and to comply with applicable safety and health standards.

The OSHA Standard on Occupational Exposure to Bloodborne Pathogens requires dental practices to provide training during work hours, at no cost, to employees at risk of occupational exposure after the employee is hired and annually thereafter.

Employees should be trained on the topics listed in the Standard, including:

  • Bloodborne Pathogens Standard
  • Symptoms of bloodborne diseases
  • Modes of transmission
  • Universal Precautions
  • Personal Protective Equipment

A dental practice should have an infection control manual. The American Dental Association offers many products to help in the training of employees regarding OSHA standards. For additional information regarding OSHA training products, click here.

The Pregnancy Discrimination Act

In simple terms, the Pregnancy Discrimination Act of 1978 provides that a woman cannot be fired or denied a job because of pregnancy, childbirth, or related medical conditions.

If a woman’s pregnancy limits her job function, she must be granted the same job considerations as others with similar limitations or abilities. An employee on pregnancy leave must receive the same benefits (such as pay increases, vacation, and seniority) given to employees on leave for other reasons. The Pregnancy Discrimination Act also obligates the employer to hold the job open for the same length of time as for other employees on disability or sick leave. The law forbids permanent replacement of a pregnant employee, although a temporary replacement can be hired for the course of the maternity leave.

State Unemployment Compensation Laws

Employees whose employment is terminated involuntarily may have rights to some periodic unemployment compensation under state unemployment compensation laws. States vary with respect to who is entitled to such compensation and under what circumstances, so you are advised to check with a qualified attorney in your area to fully understand when a terminated employee may be eligible to collect unemployment compensation. In most states, however, an employee terminated for poor work performance is likely to be entitled to collect unemployment compensation, while an employee terminated for an aggravated assault on another team member will likely not be able to collect.

Other Government Websites

Abuse and neglect
Child Welfare Information Gateway


Advertising FAQs: A Guide for Small Business

Advertising and Marketing on the Internet: Rules of the Road

Complying with the Telemarketing Sales Rule

Business Guide to the FTC’s Mail, Internet, or Telephone Order Merchandise Rule


Department of Justice and Federal Trade Commission Statements of Antitrust Enforcement Policy in Health Care

Children’s Online Privacy Protection Act (COPPA)

COPPA: Children’s Privacy

Complying with COPPA: Frequently Asked Questions


Americans with Disabilities Act (U.S. Department of Justice)

Public Accommodations Q&A

Effective Communication

Service Animals

Wheelchairs, Mobility Aids, and Other Power-Driven Mobility Devices

Barrier-Free Health Care Initiative

Americans with Disabilities Act Primer for Small Business


Section 1557 of the Affordable Care Act

Drug diversion, addiction and abuse

DEA Diversion Control Division

Drug Addiction in Health Care Professionals


Employer’s Tax Guide

Employment Laws Assistance for Workers and Small Businesses (elaws)

Equal Employment Opportunity Commission (U.S.)

Internal Revenue Service, Independent Contractor or Employee?

Small Business Administration, Workplace Posters

U.S. Citizenship and Immigration Services (I-9 forms)

Fraud and abuse

Medicaid Compliance for the Dental Professional

This web page includes:

  • Dental Medicaid Compliance Fact Sheet
  • Dental Pediatric Best Practices Brochure
  • Dental Medicaid Compliance Resource Guide
  • Dental Medicaid Compliance Educational Video (YouTube-90 Minutes)
  • Dental Medicaid Compliance Educational Video Handout

Fraud and Abuse Training Materials

This web page includes:

  • A Roadmap for New Physicians: Avoiding Medicare and Medicaid Fraud and Abuse
  • PowerPoint presentation
  • Speaker notes set

OIG Compliance Program for Individual and Small Group Physician Practices (Guidance for Developing)

List of Excluded Individuals and Entities (LEIE)

Using the LEIE Exclusions Online Database and Downloadable Databases (video)

HIPAA and health information technology

Are You a Covered Entity?

Cyber Attack Checklist

Cyber Attack Quick Response Infographic

Covered Entities and Business Associates

HIPAA Frequently Asked Questions


Office for Civil Rights

Permitted Uses and Disclosures: Exchange for Public Health Activities

HIPAA training materials

OCR HIPAA Educational Videos on YouTube

Health IT Privacy and Security Resources for Providers

HIPAA and business associates

Business Associates

Sample Business Associate Agreement Provisions

HIPAA notice of privacy practices

Model Notices of Privacy Practices (English and Spanish)

Notice of Privacy Practices

HIPAA privacy topics

Access: Individuals’ Right Under HIPAA to Access Their Health Information

De-identification: Guidance on De-identifying Protected Health Information

Deceased Individuals

Disclosures for Public Health Activities

Employment: Employers and Health Information in the Workplace

Family, Friends, and Others: Communicating with a Patient’s Family, Friends, or Others Involved in the Patient’s Care

Government Access: Restrictions on Government Access to Health Information

Health Care Operations: Permitted Uses and Disclosures: Exchange for Health Care Operations 

HIPAA Privacy Rule: A Guide for Law Enforcement

Incidental Uses and Disclosures

Information Related to Mental and Behavioral Health, Including Opioid Overdose

Interoperability: Blog: The Real HIPAA Supports Interoperability


Minimum Necessary Requirement

Personal Representatives

Refill Reminders


Same-Sex Marriage and Loved Ones: Guidance on HIPAA, Same-Sex Marriage, and Sharing Information with Patients' Loved Ones

Student Immunizations

Treatment, Payment and Health Care Operations

Treatment: Permitted Uses and Disclosures: Exchange for Treatment

Workers Compensation

Other OCR HIPAA Guidance Materials

HIPAA breach notification

HIPAA Breach Notification Rule

HIPAA information for individuals

HIPAA Information for Individuals

This web page includes:

  • Court Orders and Subpoenas
  • Employers and Health Information in the Workplace
  • Family Members and Friends
  • FAQs
  • HIV and HIPAA
  • Mental Health & Substance Use Disorders
  • Notice of Privacy Practices
  • Personal Representatives
  • Right to Access
  • Your Medical Records
  • Your Rights Under HIPAA

HIPAA and security

Security Risk Assessment Tool

Top 10 Myths of Security Risk Analysis

Security Rule Guidance

This web page includes:

  • Security 101 for Covered Entities
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • HIPAA Security Organizational, Policies and Procedures and Documentation Requirements
  • Basics of Security Risk Analysis and Risk Management
  • Security Standards: Implementation for the Small Provider

Risk Analysis Under the HIPAA Security Rule

HIPAA and emergency preparedness

Emergency Preparedness Planning and Response

Disclosures for Emergency Preparedness - A Decision Tool

HIPAA Privacy in Emergency Situations

HIPAA AND health information technology

Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices

Cybersecurity for Small Business

Top 10 Tips for Cybersecurity in Health Care

Health Information Technology: Guide to Privacy and Security of Electronic Health Information

What to Do if Your Email Is Hacked or Malware Attacks Your Computer

Health IT Privacy and Security Resources for Providers

HIPAA and Health Information Exchange (HIE)

Health Information Exchange (HIE)

What is HIE?

HIE Benefits

Getting Started with HIE

Patient Consent for Electronic Health Information Exchange

Patient Matching, Aggregating and Linking

Identity theft

Identity Theft

Data Breach Response: A Guide for Business

Peer-to-Peer File Sharing: A Guide for Business

Protecting Personal Information: A Guide for Business

Security Check: Reducing Risks to Your Computer Systems

Truncating Credit Card Information on Receipts

Medical identity theft

FAQs for Health Care Providers and Health Plans

Consumer Information: Medical Identity Theft

Medical ID theft and fraud information

Medicare and Medicaid

Medicaid Compliance for the Dental Professional

Medicare Learning Network (MLN)

National Practitioner Data Bank

National Practitioner Data Bank

NPDB Guidebook

Open payments (Physician Payment Sunshine Act)

Open Payments Website

Open Payments FAQs

OSHA regulations

Centers for Disease Control and Prevention

National Institute for Occupational Safety and Health (NIOSH)

Occupational Safety & Health Administration (OSHA)

Other federal agency websites

Bureau of Labor Statistics


Copyright Office (U.S.)

Drug Enforcement Administration (DEA)

Equal Employment Opportunity Commission

Federal Trade Commission

Federal Trade Commission for Consumers

Food and Drug Administration (U.S.)

Internal Revenue Service

Labor (U.S. Department of)

Library of Congress

National Practitioner Data Bank and the Healthcare Integrity and Protection Data Bank (U.S. Department of Health)

Occupational Safety & Health Administration (OSHA)

Office for Civil Rights (HIPAA)

Small Business Administration

Social Security Administration

Supreme Court of the United States

U.S. Citizenship and Immigration Services

U.S. Department of Justice Americans with Disabilities Act