The privacy rule clearly
defines civil and criminal penalties for privacy violations and, by doing so,
strengthens the patchwork privacy protections currently available throughout
the United States. For example, privacy procedures should describe how
patients are to authorize the release of their protected health information.
Authorizations are required for releasing information to insurance companies
for payment and for other special release of information. Existing policies
on confidentiality of health information will serve as a basis and may be modified
to include HIPAA-specific language. The American Dental Association’s (ADA)
recent publication “HIPAA Privacy Kit” features an overview of policies
and procedures for dental practices, offers suggestions on how to achieve
HIPAA compliance, and includes examples and illustrations that may be adapted. [7]
While state laws may vary, the HIPAA rule calls for privacy policies to include at least the following elements:
A general statement prohibiting the use and disclosure of patients’ protected health information without authorization, unless otherwise permitted by law, and noting that only the minimum necessary information will be disclosed when authorized.
Authorizations for use and disclosure – their use and the form to be used. (Authorization examples are available in the ADA HIPAA Privacy Kit [7], p. 69.)
Authorizations from other providers.
Provision for notifying patients of the privacy practices of the dental office, the availability of the notice document along with patient acknowledgements that they have received the notice, and that the notice will be displayed in the public areas of the office.
Provision for patient access to their record for purposes of review and/or amendment, paper or computer review.
Amendment procedures, and the form patients use to request an amendment to their record.
Denial of access – cases where the provider (dentist) refuses access, along with an example.
Opt-out policies, such as when patients do not want to have their information used for specific things.
Sanctions for privacy breaches – from verbal correction to termination of staff.
Complaint process (including language that assures there will be no retaliation against patients who file complaints) and forms for the patient to use.
An accounting of disclosures that explains how HIPAA requirements for the accounting apply in the dental practice.