Privacy and HIPAA

California-Specific Privacy Laws

Outlines laws and provides links and other useful resources. California has many laws aimed at protecting the personal and confidential information of its residents.

Consent Form for Use or Disclosure of Patient Health Information

Sample form to obtain patient consent for use or disclosure of patient information as required by HIPAA and state law.

Credit Card Chargeback and Release of Patient Information

A credit card company may request information when a patient disputes a charge to a dental practice. Use these resources to respond to the company.

Cyber Incident Response Steps

Steps to follow when your dental practice experiences a cyber incident that impacts your ability to access patient information.

Cybersecurity Information Resources

Learn what cybersecurity practices your dental practice should have by reviewing resources from these government agency websites.

Data Breach Notification Requirements

HIPAA and California law require that individuals be notified when specified personal information, including health and medical insurance information, is breached. This article summarizes the requirements and provides a checklist of steps to follow when patient information may have been breached or accessed without authorization.

Ensure State Provisions Are Included In Your Privacy Policies and Procedures

Describes state requirements to include in a dental practice’s policies and procedures for protecting patient information. 

HIPAA and California Health Information Privacy and Protection Laws Q&A

Answers to questions asked by dental offices on how to comply with HIPAA and state rules on health information privacy, security and confidentiality.

HIPAA and the California Medical Information Act Checklist

This checklist provides an at-a-glance view of elements required to comply with state and federal privacy laws. 

HIPAA Breach Assessment and Notification

This is the fourth of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

HIPAA Business Associate Agreement

Describes HIPAA business associates and the requirement for covered entities such as dental practices to have agreements with them. A sample business associate agreement is included.

HIPAA Privacy and Security Officers: Overview of Responsibilities

This is the first of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

HIPAA Safeguards

A discussion on HIPAA safeguards – what administrative, technical and physical safeguards are required to be implemented and how to determine if a safeguard is reasonable and appropriate.

HIPAA Security Rule - A Summary

The rule sets standards to protect patient information in electronic form. A covered entity must implement or address more than 30 administrative, physical and technical standards summarized here.

HIPAA Training Resources

The first four PowerPoint presentations listed below are intended to instruct dental practice HIPAA privacy and security officers on their responsibilities under HIPAA and state privacy and security laws. The fifth and last PowerPoint presentation listed below can be used in combination with a dental practice’s written policies and procedures to train the office workforce (includes students and others).

How to do a HIPAA Risk Analysis

This is the third of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

Information Privacy and Security - HIPAA, State Laws

This PowerPoint presentation can be used in conjunction with the dental practice’s written policies and procedures to train staff on compliance with HIPAA and state laws.

Patient Records - Requirements and Best Practices

Format and content, patient access to records and requests to amend, disclosure of information, data breach notification, retention and disposal, transferring records in a sale.

Patient Request to Access Records (Records Release) Form and Q&A

Summary of records release rules with customizable sample form. Patients have the right to access their record and can request paper, film or electronic copies.

Patient Request to Restrict Disclosure of Patient Health Information to a Dental Benefit or Health Care Plan

Includes information on this patient right to restrict disclosure of patient health information to a dental benefit or health care plan and a sample form to use for a patient who requests such a restriction.

Patient Rights Under HIPAA

Describes patient rights and dental practice responsibilities under HIPAA. Patients must be informed of these rights through the distribution of the covered entity’s Notice of Privacy Practices.

Patient Rights, Privacy Practices and Safeguards

This is the second of four presentations created to train a dental practice’s privacy officer and security officer on the requirements of federal and state privacy laws and on their respective responsibilities. 

Sample Breach Notification Notice

Use this sample notice to inform patients of a breach of their personal information. The sample notice includes elements required by law.

Sample Nondisclosure Agreement

Practices should personalize the attached sample language to their practices and confirm that the agreement is consistent with existing policies and procedures.

Sample Notice of Privacy Practices

Customize this form to create a practice’s notice. It must have specified elements. The final notice must be provided to patients and an acknowledgment of receipt should be collected. Post it in the practice and on the practice website.

Social Security Numbers and Drivers Licenses

Summarizes prohibited actions and best practices for businesses collecting social security numbers or copies of driver’s licenses. 
