AAO 2017: Legal Advice for Proper HIPAA Compliance
Too many dental practices “stumble over” achieving proper HIPAA compliance. Most HIPAA problems come from staff ignorance and mistakes. The road to correct HIPAA compliance begins with information control, doing a practice risk assessment, and having a written set of guidelines for patient data. Lawyer Simone McCormick, who will speak at the AAO 2017 Annual Session, held from April 21-25 in San Diego, California, seeks to build awareness for correct HIPAA compliance for healthcare professionals.
PUBLISHED: Thursday, April 20, 2017
When it comes to proper Health Insurance Portability and Accountability Act (HIPAA) compliance, too many dental practices “stumble over the matter and then give up,” explains one legal expert. “They can’t.”
Simone McCormick, J.D., a West Coast attorney and a partner in the Selman law firm, says, “HIPAA is very important because it affects almost everyone — almost every dental and medical professional nationwide. It’s pretty far-reaching.” McCormick has represented healthcare professionals for most of her legal career, including orthodontists, and has also developed a HIPAA-focused practice.
While dental professionals must notify the government if they suspect a data breach, HHS also gets leads via complaints, McCormick says. HHS also does audits for compliance. “They go out to see if dental professionals are compliant,” she says. Although audits are completely random, McCormick says it is the larger and more significant healthcare organizations that are the usual targets for an audit.
She says the main reason for HIPAA compliance failure comes through the negligence of the dental staff. “The majority of problems are from mishaps,” McCormick explains. “This also includes snooping through patient data by staff. Information access control is vital to proper HIPAA compliance. The best way to prevent this is to have a ‘minimum necessary’ or ‘need to know’ rule to limit the exposure of data.”
In her law practice, McCormick says she sees a lot of noncompliance but most of it is due to ignorance. “It’s not easy to comply,” she says. “With HIPAA there are a lot of things to consider. I’m trying to create awareness. It’s a big mountain to climb but dental practices have to make a start and always try and move in the right direction.”
The best way to begin is through a risk assessment for the dental practice, says McCormick. This begins with the “Where’s my data?” question. “You as the owner of your practice need to ask and understand that question,” McCormick says.
Regarding patient information, doctors must ask “What do I have?” and “Where do I have it?” And then “What is the risk of it being compromised?” To help answer those and other questions, McCormick says the federal government’s HealthIT.gov website offers help with a Security Risk Assessment program. McCormick explains that “at a minimum” dental professionals should “spend some time with this free tool.”