The compliance deadline for the “Transactions Regulation” governing the transmission of healthcare was October 16, 2002. However, there has since been a provision for extending that compliance deadline for one year. The compliance deadline for the “privacy rule” protecting the confidentiality and integrity of health data is April 14, 2003, unless proposed modifications to this regulation are adopted and the date is subsequently altered.
The HIPAA regulation imposes severe civil and criminal penalties for non-compliance. These include:
Fines up to $25,000 for repeated violations of the same standard within a calendar year.
Fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information.
Recognizing the severity of the consequences for non-compliance, it behooves the dentist to take the necessary steps to achieve compliance. These steps will include:
Establishing awareness of HIPAA requirements in the dental office.
Comprehensive assessment of the office information security systems, policies, and procedures.
Creating an action plan for compliance, with deadlines and timetables. A comprehensive action plan should include:
Developing new policies, processes, and procedures for handling healthcare information
Building “Chain of Trust” Agreements with billing services to assure compliance
Designing a compliant technical information infrastructure within the office
Purchasing new, or adapting, information systems when appropriate
Developing new internal communication strategies to avoid breaching patient confidentiality
Staff training on HIPAA requirements
Implementation of enforcement policies and procedures