Introduction

President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) of 1996 on August 21, 1996 as Public Law 104-191.  The intent of the Administrative Simplification sections of this law is to create a mandatory format (messages and code sets) to be used by any healthcare entity like a dental office that transmits health information in an electronic transaction and to protect the confidentiality and security of health information by setting and enforcing standards.¹ While HIPAA addresses only one part of the information management problem in healthcare, it was the first targeted step in creating effective recognition of the role of information coupled with the use of information science and technology in healthcare.  Figure 1 depicts the inextricably linked realities of information in healthcare.  The first domain deals with patient care issues presented by Heid, et al.² This paper and its sequel deal primarily with the resource management information domain, but this portion focuses on the privacy and confidentiality issues.  The ultimate goal is to expedite the exchange of healthcare data in a confidential and efficient manner that results in a reduction in administrative costs associated with the management of such information.

The law also applies to all health plans and healthcare clearinghouses.  Clearinghouses are organizations that receive messages in a non-compliant form and reformat them into a different form that is compliant with the provisions of HIPAA.

Figure 1. Domain Inseparability

Heid, et al. provided an overview of the significance of the Electronic Health Record (EOHR) to the dentist and noted there are a number of Electronic Data Interchange (EDI) transactions that are potentially relevant to the dental practice.²  The most relevant is the Healthcare Claim (Transaction 837 Dental) that contains those attributes from the EOHR that characterize the dental encounter or patient visit and the services rendered.  The key attributes are extracted from the EOHR by appropriately designed software and automatically assembled into the HIPAA-designated message form that includes other attributes denoting the healthcare insurance coverage and enrollment information.

Should a dentist or a health plan elect not to use the required electronic standard to transmit patient information electronically, HIPAA provides for the use of a clearinghouse that is compliant with the standard for such transmissions.  Since paper transactions are not subject to HIPAA regulations, they can be used to submit information between businesses such as the dental office and a health plan as in the past without additional requirements.³

In order to achieve the intent of the law, the following elements are included in the regulations:

1. All patient health data used in the administrative transactions, as well as the associated administrative and financial data, must be standardized.
2. Unique identifiers for patients, employers, health plans, and healthcare providers, such as dentists, must be implemented.
3. Privacy and security standards for computer systems designed to protect the confidentiality and integrity of “individually identifiable health information” must also be implemented.
4. Electronic signature standards must be in place.

The HIPAA rules do not offer preemption requirements.  The HIPAA privacy rule is a “floor” for privacy protection.  This means that more stringent state laws superseded HIPAA and states have a right to apply for HIPAA exception for existing or new state laws when conflict or stringency is uncertain.  Dentists will need to be sure their practices conform to both HIPAA rules and specific state laws that apply.  For example, an individual state may have more stringent privacy requirements for mental health information.  Keep in mind that dentists may continue to respond to public health mandatory reporting requirements.

Several papers^4,5 and informational sources⁶ have also addressed the meaning of HIPAA for the dentist.  The objective of this report is to further describe the key patient care data that is captured in the EOHR with that used for administrative functions.  For an integrated dental practice enterprise, the view of the additional resource management data needed for complete practice management will be depicted.  The primary emphasis of HIPAA is twofold: (1) protecting personal health information and (2) standardizing transactional data.  Each of these will be addressed in this paper.  In addition, a discussion will be presented of how EOHR information architectures for dental practices should be designed for transparent, consistent use of patient care data used for the administrative functions that are now the focus of the HIPAA legislation.

Click Here To Navigate Within Article >> Abstract Introduction Protecting Personal Health Information (PHI) Privacy Policies Professional Communications and Privacy Patient Authorization Requirements Privacy Training An Overview of HIPAA and its Dental Implications Staying Current with the Regulations Conclusion References About the Authors
	Page 2 of 12
Citation Number: Vol. 4, No. 1, Page 060