The professionals at Touchstone Compliance prepared a short video that explains HIPAA called, “A Crazy-Good Guide to HIPAA Compliance.” At three and a half minutes, it’s worth your time.
The following scenario is true, but some of the details have been changed to protect the innocent … and the guilty.
The setting is the cramped reception area of a small dental practice. The office manager, who also works the front desk, is on the phone with a patient.
ALSO BY ROMAN DIAZ:4 Essential Steps to HIPAA success
“Julie Jones? This is Dr. Doe’s office. Your lab results are in and they indicate you’ve tested positive for an STD. You’ll need to schedule an appointment as soon as possible with your primary care physician.”
Her voice drifts over into the nearby waiting room. A few people look up from the magazines they’ve been flipping through. One of them, who happens to be a neighbor of Ms. Jones, arches an eyebrow and softly clucks her tongue. Information that should have been confidential between this office and Ms. Jones is now dangerously close to public knowledge. With this particular neighbor now in the know, people in Ms. Jones’ cul-de-sac will probably hear these results before her boyfriend.
Informing patients of test results is a normal and necessary part of the work day at every office that deals in health care. But in this case, having that conversation where it can be overheard violates Ms. Jones’ right to privacy, a right protected by the law known as HIPAA.
With so much involved in running a successful dental practice, it’s easy to understand how HIPAA has come to be viewed as something that takes away from the practice of dentistry — more of a nuisance than a necessary part of good care.
But at its core, HIPAA isn’t about extra logistical hassles or additional work; it’s really about best practices, and creating and maintaining a professional environment that protects every patient’s rights.
The relationship patients have with health-care professionals is one that involves openness, honesty, and a deep level of trust. Patients tell their providers things about themselves that few others know, such as intimate details of their lives and health histories.
They expect that their privacy will be respected — by their dentist, the staff, and other providers. These other providers include the dental lab, X-ray services, and anyone else involved in their treatment. Patients expect that outsiders will not be able to access their information, and that those who need to know will be able to view only the information that’s necessary for treatment.
This way of dealing with health information is more than professional courtesy; it’s a fundamental patient right, the very issue that HIPAA speaks to, ensuring that patients will know when their rights have been violated. They can feel confident that the law will be enforced and violators will be punished.
HIPAA: What do you want out of my dental practice now?
Email and HIPAA, when is the line crossed?
Are patient names on dental lab labels a HIPAA violation?
If patient information isn’t protected, the effects can be far-reaching. In the wrong hands, a person’s health information can be used to tarnish his or her reputation or cause financial harm. In some cases, compromised information can even negatively impact care.
Modern technology has facilitated the quick dispersal of information among various entities; HIPAA helps keep all that data safe. From installing firewalls in the office’s computer system to training employees in the proper protocols when contacting patients, HIPAA, in essence, is all about safeguarding every patient’s right to privacy, security, and respect.
Ensuring a patient’s right to privacy is essential to the practice of good dentistry — and a vital part of the covenant between dentists and patients. Implementing the mandates of HIPAA plays an important role in building patient trust and a thriving practice.
Roman Diaz is president and founder of Touchstone Compliance, a San Diego-based company offering a comprehensive suite of interactive online tools for meeting HIPAA standards.