Whether you are a practice owner or office administrator, your patients’ privacy has to be kept to a high standard. In today’s world, privacy has never been more important. Patients are trusting your practice to keep their medical and personal information safe.
HIPAA and PIPEDA are both laws responsible for keeping patients’ information protected and secure. These laws are especially important to dental practices and need to be followed.
Keep reading to make sure your practice is following HIPAA or PIPEDA.
Background on HIPAA & PIPEDA
Before we get started on how to properly comply with HIPAA or PIPEDA, it is important to understand why these laws are in place and how they affect your practice.
Now that information travels faster than ever with technology, the privacy and protection of this information are extremely important. Our personal information can be used in numerous negative ways, harming ourselves and those close to us. Information that is discussed in a medical sense is at the top of this list. Because of this, both the United States and Canadian governments have implemented laws to protect patients and their information.
The Personal Information Protection and Electronic Documents Act (PIPEDA) deals with the collection, use, and disclosure of personal information for commercial activity in Canada. Essentially, if your practice collects information from patients, it can only be used for the purpose that it was collected for. If you wish to use it for another purpose, you must obtain consent from the patient.
Provinces such as Alberta, British Columbia, and Quebec have their own privacy laws, similar to PIPEDA. These laws have been put in place to protect the privacy and personal information of consumers.
Similar to PIPEDA, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to the United States. To protect individuals and their health information in the digital age, the government mandated that health plans, health care clearinghouses, and all health care professionals that keep information electronically must abide by HIPAA.
HIPAA safeguards when information can be disclosed: it doesn’t allow practices to share any information without patient authorization. HIPAA has continued to be updated as technology has grown. In December 2000, the government added a Privacy Rule to protect individually identifiable health information. In February 2003, it also added a Security Rule to protect confidentiality.
To help businesses better understand PIPEDA, the government has provided a list of information that the act covers as well as principles that should be followed by all businesses that collect information from their customers or patients.
The following fall under PIPEDA:
- ID numbers
- Ethnic origin
- Blood type
- Social status
- Disciplinary actions
As this information is often collected by dental practices, it is important to know that it cannot be distributed without the consent of your patients.
To ensure your practice remains compliant, PIPEDA has provided ten principles.
- Identify purpose
- Limit collection
- Limit use, disclosure and retention
- Individual access
- Challenging compliance
By practicing the principles above you can ensure you are keeping your patient information safe.
Similar to PIPEDA, the United States Government has provided a list of physical and technical safeguards that must be met for HIPAA compliance. These safeguards are put in place to protect your patients’ information from getting into the wrong hands.
HIPAA physical safeguards include:
- Limited facility access and control with authorized access in place
- Policies around access to workstations and electronic media
- Restrictions for transferring, removing, disposing, and re-using electronic media and ePHI
HIPAA technical safeguards include:
- Using unique user IDs, emergency access procedures, automatic log-off, and encryption and decryption
- Audit reports or tracking logs that record activity on hardware and software
It is important to note that HIPAA covers all forms of protected health information (PHI):
- Paper records
- Electronic health information
- Spoken information
While the safeguard practices above may create extra work for those in your practice, you can rest assured that they will keep your information safe. If you know that your information is safe and secure, you can focus your efforts on running your practice and keeping your patients satisfied.
Maintaining Patient Trust
When patients visit your practice, not only are they trusting you with their dental work, they are trusting you with all of the information that they provide you, allowing you to do your job.
Now that information is more accessible than ever, your patients and your practice should be aware of the trust being placed in your practice. To best maintain this trust, it is recommended that you assign a member of your practice to ensure these standards are being met and maintained. This will help keep your practice and patients safe as technology continues to evolve.
If you’re looking to learn more about how to keep your practice’s information safe, contact us for further support!