© Designer491 | Dreamstime.com
HIPAA updates dentistry 2022

HIPAA in 2022: What’s on the horizon?

Jan. 12, 2022
When it comes to HIPAA regulatory updates, preparation is key, says Linda Harvey, MS, RDH. Here she breaks down interoperability and OpenNotes and what they mean for dental practices.

Editor's note: This is the first of three articles on HIPAA updates in 2022.

COVID-19 has certainly made the past two years uncertain. Some periods have felt like two steps forward and one step back with supply chain interruptions, staffing shortages, and ever-changing guidelines. The same feeling applies to HIPAA regulatory changes.

There are a number of HIPAA updates on the horizon. That’s because patient rights, data security, and digital transformations are mutating as quickly as COVID-19 variants seem to be.

As the pandemic continues, it may be the worst time in recent history to find yourself on the receiving end of a regulatory complaint or investigation. But you can reduce your risk by staying abreast of pending HIPAA regulatory updates—preparation is key!

Spotlight on interoperability and digital transformations

“Interoperability” will continue to be a key buzzword in 2022. The Healthcare Information and Management Systems Society (HIMSS) defines the term as an “ecosystem comprised of individuals, systems and processes that want to share, exchange and access all forms of health information. This includes patients, providers, hospitals/health systems, researchers, payers, suppliers and systems as potential stakeholders within this ecosystem.”1

Interoperability is pivotal to the future of integrated health care where patient data flows freely and securely between payers, providers, and patients. Ask yourself this question—how many of your medical providers now encourage you to preregister online before an appointment and also have portals available for you to access your records and/or communicate with the medical office?

Now ask yourself—what is the capability of your practice management software to provide that level of access? Depending on which practice management software you use, you may need to consider implementing and integrating a compatible teledentistry solution or patient portal to keep up with changing regulations and patient expectations.

Related reading:
Teledentistry: The good, the bad, and the ugly

The value teledentistry brings to dentists and their patients

OpenNotes and dental practices

A major component of interoperability and digital transformations regulatory mandate is “OpenNotes,” which refers to providing patients unrestrained access to their electronic health information in a format that is "easy to understand, secure, and updated automatically."2

On December 13, 2016, President Obama signed the 21st Century Cures Act. One aspect of the act is to promote and fund quality health care improvements, such as research and medical device development. Another key aspect is a nationwide approach to interoperability and prevention of information blocking. The deadline for compliance by provider and health systems was April 5, 2021.

The Cures Act outlines eight mandatory categories of clinical notes to be made available to patients. These include:3

  • Consultation notes
  • Discharge summary notes
  • History and physicals
  • Imaging narratives
  • Lab report narratives
  • Pathology report narratives
  • Procedure notes
  • Progress notes

This means patients now have unfettered access to their personal health information. For your practice, it means you must be able to share your clinical notes and not block electronic health information between health systems, apps, and devices. It’s important to note that by the end of 2022, you must also be able to share your notes with the patient’s third-party application (app).

Not yet ready for OpenNotes? The act does allow for eight different exemptions that when the specific conditions are met, will not be considered information blocking. One exception that may apply to your practice is the Infeasibility Exemption. This means that you must demonstrate the consideration of certain factors that led to your determination that complying with the patient’s request would be infeasible under the circumstances.

For example, what if your practice management software doesn’t have the necessary functionality? In this case, you must provide a written response to the requestor within 10 business days of receipt of the request with the reason(s) why the request is infeasible. To determine whether any of the exemptions apply to your practice, you may want to consult with a qualified consultant or health-care attorney as well as your software vendor about these requirements and any applicable exemptions.


1. Interoperability in healthcare. HIMSS. https://www.himss.org/resources/interoperability-healthcare

2. 21st Century Cures Act—a summary. HIMSS. https://www.himss.org/resources/21st-century-cures-act-summary

3. Federal rules mandating open notes. OpenNotes. https://www.opennotes.org/onc-federal-rule/