Heart of Texas Oral Surgery Logo

The Importance of HIPAA to a Dental Clinic in Texas

HIPAA Surgeon Image

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress. It subjects healthcare providers, plans, and clearing houses to maintain the privacy of their patients. Business associates also need to be mindful of this federal law. Essentially, HIPAA is an industry-wide standard for transferring, receiving, and handling health-related information. It’s something that dental clinics in Texas need to consider with every piece of confidential data that they obtain. Let’s dig into more of the impact of HIPAA in modern dentistry.

What are Patient Rights?

Dental clinics in Texas need to provide their patients with a safe environment. It is enough weight on patients’ shoulders to schedule oral surgery without worrying about the quality of care they will receive. But this sense of safety doesn’t only extend to the operating chair. It goes beyond that to how the patient interacts with the clinic digitally. This includes any patient portals and online payments. The most critical way to assure patients that a practice is safe is by abiding by the standards set by HIPAA.

Patient rights are guaranteed by federal law. Many states even have their own protective laws for patients. One critical right includes the right to personal privacy. Oral health information should be confidential between the patient and the dental practice professionals.

What is Protected Health Information?

Protected health information (PHI) is what makes up the identity of a patient. It includes their medical history, insurance information, and test results. Note that the permissible uses and disclosures of PHI consist of treatment and payment. It also involves health care operations, such as compliance reviews. If any of these 18 identifiers can be used to get in touch with a person, they are considered identifiable and should, therefore, be protected:

  1. Full name
  2. Address
  3. Individually relevant dates
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security Number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate or license number
  12. Vehicle identifiers
  13. Device identifiers
  14. Web URL
  15. IP address
  16. Finger or voice print
  17. Photographic image
  18. Uniquely identifiable characteristics

How Does HIPAA Apply to Dental Clinics?

Although not all individual dentists are HIPAA-covered entities, all dental practices should be. As a covered entity, they are permitted to use and disclose PHI without authorization at the time of certain situations. That includes treatment, payment, and health care operations. Large dental practices are encouraged to appoint a compliance offer. This way, everyone understands policies and procedures surrounding HIPAA compliance measures. Here are the three parts of HIPAA that dental clinics in Texas should consider.

Privacy Rule

Dental professionals are required to provide new patients with a Notice of Privacy. You can find the Notice of Privacy for Lake Travis Oral Surgery and Bastrop Oral Surgery within our patient forms. It will explain the patient’s rights in regard to the access of medical information. This includes the right to receive and restrict disclosures of that information. Essentially, the Privacy Rule limits the ability of entities covered under HIPAA to share information without consent. Patients are also able to request confidential or alternative means of communication. Dental clinics in Texas are expected to accommodate reasonable requests.

Security Rule

Year over year, we are seeing more complex cybercrime occurring. As technology advances, so do cybercriminals. Electronic health information, otherwise known as ePHI, needs to be safeguarded. This means practices need to use the most updated technology and protocols. A dental clinic in Texas must divide safeguards amongst technical, administrative, and physical work. The HIPAA Security Rule focuses on specifically protecting the digital subset of the Privacy Rule. Where the Privacy Rule includes health information that is written and orally transmitted, the Security Rule covers the creation, reception, maintenance, and transmission of electronic forms.

Breach Notification Rule

There may come a point where PHI is breached. In this case, practices need to act quickly. According to the Breach Notification Rule of HIPAA, a practice needs to notify the impacted individuals within 60 days of the discovered breach. Following that, they will speak to the federal government’s Department of Health’s Office of Civil Rights. Local media should be informed of any practices that had more than 500 individuals affected. Something to be aware of is that there are states with slightly shorter timelines or additional data breach reporting rules. A dental clinic in Texas, for example, requires notice to the Office of the Texas Attorney General if 250 people are affected.

Common Reasons for HIPAA Violations

The following are three things that every dental clinic in Texas should be mindful of.

Having the Wrong Hands on Electronic Devices

Dental practices must ensure that their devices are present at all times. They should also not step away from a screen when patient information is present. Were technology to be stolen or accessed by a criminal, it could spell major problems for the patients. They could have their identities stolen. It is necessary to have both physical security and cybersecurity measures in place.

Failing to Encrypt Personal Health Information

Encryption is not mandatory when it goes to ePHI. Staff should not be able to easily download records onto their unsecured devices. In the same vein, they should not take work home with them. Through the encryption of data, a dental clinic in Texas reduces its risk of being breached. It will protect that data regardless of the device it is on. When combined with advanced authentication, it is even more safeguarded.

Not Having a Risk Management Process in Place

How a practice plans to mitigate threats to patient privacy comes in the form of a risk management process. This entails the identification, monitoring, and management of those potential threats. It aims to minimize the harm that the practice will face in the event of a breach. The risk management process must be as detailed as possible to make the best-informed decisions.

What Happens if HIPAA is Violated?

You might be surprised to learn that, upon review, a large number of HIPAA violations are dismissed every year. This is because, in most cases, the complaints are resolved by taking preventive measures for the future. That isn’t to say that there aren’t consequences, though.

According to the American Dental Association (ADA), practices that violate HIPAA can receive civil or criminal penalties. This will depend on the culpability of the practice. If they had no knowledge of a breach, they will serve a lesser consequence. However, if it was a case of willful neglect that was not timely corrected, they face the maximum charge. One of the major downfalls that come from a HIPAA violation is that a practice is no longer viewed as a safe entity. They will have taken a hit to their reputation.

How Should Dental Staff Be Educated?

As much as an oral and maxillofacial surgeon must be well-versed in HIPAA, so do the employees. When a dental clinic in Texas hires new members of its staff, they should be taught HIPAA best practices. Dental practices take in a great deal of PHI that needs to be handled with care. You cannot afford to allow an employee to make a massive mistake. Once again, if it isn’t a mistake but rather intentional misconduct, that is even more problematic. Access controls must be documented.

It is in the best interest of dental clinics to continuously remind employees how to stay in line with HIPAA. Putting the information on posters in the office is a great way to do this. But on a more personal level, there needs to be adequate team training. It is extremely important for every staff member to understand the rules of HIPAA and how they apply in their individual position.


Lake Travis Oral Surgery and Bastrop Oral Surgery are oral surgery clinics in Lakeway and Bastrop, Texas (respectively) that specialize in oral and maxillofacial surgery. This includes focuses on TMJ disorder treatment and denture preparation. Our expert, Board-Certified Oral and Maxillofacial Surgeon, Dr. Jeff Alford, is able to treat even the most challenging cases. Send us a message to set up your consultation today. We promise to provide you with a thoughtful treatment plan that achieves your most desired outcome.