HIPAA Notice of Privacy Practices: Best Practices

Dentists are required to post in the office, and distribute to each patient no later than the first appointment date, a Notice of Privacy Practices, which is a formal, written document summarizing the legal duties of the dental practice to protect patients’ protected health information. The following includes best practices in implementing and managing the Notice of Privacy Practices requirements.

• The Notice must be posted in the office and be provided to each patient no later than the date of the first appointment.
• Dental offices should make a good faith effort to obtain a patient’s written acknowledgement of the Notice for documentation purposes.
• If the Notice is revised, the dental office does not have to obtain a new acknowledgement of receipt of the updated Notice. However, the new Notice must be posted and provided to new patients after the effective date of the revision.
• If the first treatment encounter is not face-to-face, i.e. is over the phone, the office can mail the notice to the patient the same day; the Notice should include an acknowledgement form to be mailed back to the office to satisfy the requirement to make a good effort to obtain the patient’s acknowledgement of receipt of the Notice.

For our OSHA Review Subscribers: The July/August 2014 issue of OSHA Review covers HIPAA Compliance. Additionally, HIPAA documentation forms such as a template HIPAA plan and a sample Notice of Privacy Practices can be downloaded from OSHA Review’s website – oshareview.com; after logging into your account, under the OSHA Review menu at the top of the page, select Document List.

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.