HIPAA Enforcement Rule

Guidelines for Practice Success | Managing Professional Risk | Patient Records, Charting, and Documentation Protocols

The U.S. Department of Health and Human Services’ (HHS) HIPAA Administrative Simplification Enforcement Rule contains rules on compliance, investigations, hearings, and penalties for violations. It also details the procedures and amounts for imposing civil money penalties on covered entities that violate any HIPAA Administrative Simplification requirements. HIPAA violations can be very costly and some can also make the dentist subject to criminal prosecution.

HIPAA considers dental practices covered entities if they transmit electronic “covered transactions,” such as electronic claims, to dental plans. A dental practice can also become a covered entity by contracting with an outside service, such as a clearinghouse, to submit electronic covered transactions on behalf of the dental practice.

Covered dental practices must permit the federal government to access the dental office and its books, records, accounts, and other sources of information, including protected health information (PHI), that are needed to prove the practice’s compliance with HIPAA.

HIPAA investigations can be triggered by patient complaints, breach notification, news stories, or other indications of possible noncompliance. The federal government may also conduct compliance audits of covered entities even if there is no indication that the covered entity is not in compliance with HIPAA.