
Reminder for Dentists: Conducting a HIPAA Security Risk Analysis is a Federal Requirement
Under the U.S. Health Insurance Portability and Accountability Act (HIPAA), dental practices handling protected health information (PHI) are required to conduct a HIPAA security risk analysis. This requirement applies to all covered entities and business associates and is essential for safeguarding PHI.
A HIPAA security risk analysis involves identifying and evaluating potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI (ePHI). The findings must then be used to implement appropriate security measures to mitigate those risks.
Recent OCR Enforcement Underscores the Importance
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced a $350,000 settlement with Northeast Radiology, a professional corporation that provides clinical services at medical imaging centers. According to the April 2025 press release, the investigation began after OCR received a breach report from Northeast Radiology, which stated that between April 2019 and January 2020, unauthorized individuals had accessed patients’ radiology images stored on Northeast Radiology’s data server. OCR’s investigation found that Northeast Radiology had failed to conduct an accurate and thorough security risk analysis to determine the potential risks and vulnerabilities to the PHI in its information systems.
Take Action Now
OSHA Review recommends that all HIPAA-covered entities, including dental practices and business associates, take the following steps to mitigate or prevent cyberthreats:
- Conduct or update your HIPAA security risk analysis.
- Document all findings and remediation steps.
- Review policies and procedures related to HIPAA compliance.
- Train staff on safeguarding PHI.
Compliance is not optional, and even small practices can face significant penalties for noncompliance. Proactive risk assessments are key to avoiding costly enforcement actions and protecting your patients’ information.
For our OSHA Review subscribers… The July/August 2022 issue of OSHA Review in Section X of your OSHA Review binder covers HIPAA requirements and includes information about conducting a security risk analysis. Additionally, a HIPAA risk analysis checklist is available from OSHA Review’s website.
OSHA Review, Inc. is a registered continuing education provider in the State of California, specializing in Dental Practice Act, infection control, and Cal/OSHA training. OSHA Review subscribers in California receive updated regulatory compliance and infection control training through our bi-monthly newsletter.