Amy Dukoff

Access to Medical Records 

Patients generally should be able to see and obtain copies of their medical records and request corrections if they identify errors and mistakes. Doctors generally should provide access to these records within 30 days and may charge patients for the cost of copying and sending the records.

Notice of Privacy Practices

Doctors must provide a notice to their patients how they may use personal medical information and their rights under the new privacy regulation. Doctors are expected to provide the notice on the patient’s first visit following the April 14, 2003, compliance date and upon request. You generally should ask patients to sign, initial, or otherwise acknowledge that they received this notice.

Limits on Use of Personal Medical Information

The privacy rule sets limits on how doctors may use individually identifiable health information. The rule does not restrict the ability of doctors, nurses, and other providers to share information needed to treat their patients. In other situations, though, personal health information generally may not be used for purposes not related to health care, and you may use or share only the minimum amount of protected information needed for a particular purpose.

Confidential Communications

Under the privacy rule, patients can request that their doctors take reasonable steps to ensure that their communications with the patient are confidential. For example, a patient could ask a doctor to call his or her office rather than home, and the doctor’s office should comply with that request if it can be reasonably accommodated. 

HIPAA affects the dentist and the entire practice team. Part of the dentist’s responsibility is to educate the dental team and employees.  The front desk area becomes an area of concern when a patient’s privacy is considered.  For example, the support staff must keep a low tone of voice so that other patients cannot overhear conversation with or about a specific patient.  Also, computer screens should be placed and angled so that patients cannot view them easily. HIPAA requires that you take steps to protect the information you write and send electronically about a patient.  Faxes and emails should have privacy warnings on them.
    To gain more information on HIPAA, you can contact the ADA.  You may be able to attend an informative seminar on compliance, as I did.  The U. S. Department of Health and Human Services has a helpful website where you will find guidelines and technical assistance with compliance at http://www.hhs.gov/ocr/hipaa/. Healthcare Compliance Solutions, Inc. (HCSI) located in Sandy, Utah, can help you accomplish compliance. Their fax is (801) 943-6658 and telephone (801) 947-0183.  Their website is at http://www.hcsiinc.com/.  They helped our office take the necessary steps to be compliant.
    All of us work hard at providing the best care for our patients.  HIPAA is another way to ensure that each patient’s privacy is more closely monitored and to increase out awareness in this area.