HIPAA is a federal mandate first introduced in 1996 that requires a health care organization to keep patient data secure. As a dental office that stores, processes, transmits and receives, and maintains protected health information, you must be compliant with the mandate. Over the past 17 years, there have been many iterations and modifications to the original mandate. The culmination of these changes is called The 2013 HIPPA Omnibus Final Rule and was enacted in January 2013. This rule enhances a patient’s privacy protections, provides individuals new rights to their health information, strengthens the government’s ability to enforce the law, and increases penalties for security violations. The deadline to comply was September 2013.

Compliance requires a number of privacy and security actions including, but not limited to, completing what is called a risk analysis, creating a risk management plan, continuous employee training, and the implementation of updated policies and procedures. It is all pretty daunting for the typical small business. You can get dizzy and overwhelmed just trying to follow all the rules and understand what is required -never mind implementing solutions and systems.

What has prompted me to write about this topic is that I am finding in my conversations and meetings with clients that not one single office has taken ALL of the major required steps to be in compliance. The Department of Health and Human  Services (HHS) Office for Civil Rights (OCR) is the federal agency responsible for enforcing HIPAA compliance. These people take their job very seriously. If you are found in violation of HIPAA, you could be assessed large fees. I am reading about fines of $25,000 to $50,000 per day!! That can put you out of business! And if your lack of compliance leads to a security breach, the fines will be even larger.

The bottom line here is that you can’t afford to be complacent about the potential economic disaster that would result from an audit or a breach. Under the Final Rule, the general presumption is that any improper use or disclosure of protected health information (PHI) is a breach UNLESS the covered entity (your dental practice) can show that there is a low probability that the PHI has been compromised. In other words, your are essentially guilty until proven innocent.

The word is that the OCR is performing 1200 random audits a year. Computers can get stolen from your office. Back up discs or tapes somehow disappear or get lost. A disgruntled employee or patient can become a whistle blower.  Your financial exposure as a dentist could be enormous.

In my next post, based on my research, I will offer advice on where you can find reliable and professional help at a modest cost.

We have all experienced this. “Doctor – could I speak with you for a few minutes at the end of the day?” A valuable and talented team member wants to tell you something in private. Nothing good can happen from this! And sure enough, you find out that because a husband got a promotion, or a new grandchild is being born to a single mom four states away, or an elderly parent needs a caregiver, this great employee – one of the cornerstones of your dental practice – is leaving town.

As I have written many times before, in my experience, the most difficult challenge in dentistry – or any business for that matter – is to keep intact a quality, loyal, caring, and customer service oriented team. All these moving parts running seamlessly and effectively is the engine that powers a successful organization. So even though this soon to be departing staff member has graciously agreed to stay on for three weeks before leaving, it is very possible that her replacement will not have been identified and hired. Thus all of her knowledge and experience and special systems will not be able to be transferred.

Over the years, I have found that an effective solution to this situation is to create a video training manual for every position in the practice. I think it is most beneficial for the front desk. Doctors are able to train dental assistants and hygienists fairly easily because they work closely together in the back/clinical side of the office. But doctors are often quite uninformed about the intricacies of what is supposed to happen on the administrative end.

So let’s make a video in front of the computer showing how to begin the day, how to close the day, how to interact with a Patient Activator or Demand Force dashboard, how to post payments from a big insurance check, how to calculate insurance write offs, how to make adjustments, how to back up data, how to make financial arrangements on treatment plans, how to follow up on overdue insurance payments, how to print out daily/weekly/ monthly reports, etc, etc. The list is extensive to say the least. When that next front desk person is hired, I think that you can see how much easier it will be to get her up to speed on how all of  these various functions are performed in your office. No guess work – just watch to learn exactly how to perform each and every task. The same principles can be utilized for clinical jobs as well.

I also strongly suggest that when you have to contract and absorb the expense for a full day of training for new updates and improvements for your Eaglesoft or Dentrix or Practiceworks management software, that you videotape the entire presentation.

This process of video taping should not be misconstrued as a threat to anyone’s job. We hope that our great staff members will stay on forever. But life is complicated – we live in an increasing mobile society – so it is a wise and prudent business strategy to be prepared for the worst.