Leah Crites · 08-Jun-21 · 4 min read

How to Make Sure Your Dental Practice Follows Privacy Laws (HIPAA & PIPEDA)

Whether you are a practice owner or office administrator, your patients' privacy has to be kept to a high standard. In today's world, privacy has never been more important. Patients are trusting your practice to keep their medical and personal information safe.

HIPAA and PIPEDA are the regulations responsible for keeping patients' information protected and secure. These regulations are extremely important to dental practices and need to be followed.

Background on HIPAA & PIPEDA

Before we get started on how to properly comply with HIPAA or PIPEDA, it is important to understand why these regulations are in place and how they affect your practice. 

Now that information travels faster than ever with technology, the privacy and protection of this information is extremely important. Our personal information can be used in numerous harmful ways, against ourselves and those close to us. Medical information is at the top of this list. Because of this, both the United States and Canadian governments have implemented regulations to protect patients and their information.


The Personal Information Protection and Electronic Documents Act (PIPEDA) deals with the collection, use, and disclosure of personal information for commercial activity in Canada. Essentially, if your practice collects information from patients, it can only be used for the purpose that it was collected for. If you wish to use it for another purpose, you must obtain consent from the patient.

Provinces such as Alberta, British Columbia, and Quebec have their own privacy regulations, similar to PIPEDA. These laws have been put in place to protect the privacy and personal information of consumers. 


Similar to PIPEDA, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to the United States. To protect individuals and their health information in the digital age, the government mandated that health plans, healthcare clearinghouses, and all healthcare professionals who keep information electronically must abide by HIPAA.

HIPAA governs when information can be disclosed: it does not allow practices to share any patient information without patient authorization. HIPAA has continued to be updated as technology has grown. In December 2000, the government added a Privacy Rule to protect individually identifiable health information. As well, in February 2003, they added a Security Rule to protect confidentiality.

PIPEDA Compliance

To better understand PIPEDA, the government has provided a list of information that the act covers as well as principles that should be followed by all businesses that collect information from their customers or patients. 

The following fall under PIPEDA:

  • Age 
  • Name 
  • ID numbers 
  • Income 
  • Ethnic origin 
  • Blood type 
  • Opinions 
  • Evaluations 
  • Comments 
  • Social status 
  • Disciplinary actions 

As this information is often collected by dental practices, it is important to know that it cannot be distributed without the consent of your patients. 

PIPEDA Principles 

To ensure your practice remains compliant, PIPEDA has provided ten principles:

  • Accountability
  • Identify purpose 
  • Consent 
  • Limit collection 
  • Limit use, disclosure and retention 
  • Accuracy  
  • Safeguards 
  • Openness
  • Individual access
  • Challenging compliance

By practicing the principles above you can ensure you are keeping your patient information safe. 

HIPAA Compliance 

Similar to PIPEDA, the United States Government has provided a list of physical and technical safeguards that must be met for HIPAA compliance. These safeguards are put in place to protect your patients' information from falling into the wrong hands.

HIPAA physical safeguards include:

  1. Limited facility access and control with authorized access in place 
  2. Policies around access to workstations and electronic media 
  3. Restrictions for transferring, removing, disposing, and re-using electronic media and ePHI

HIPAA technical safeguards include: 

  1. Using unique user IDs, emergency access procedures, automatic log-off, and encryption and decryption
  2. Audit reports or tracking logs that record activity on hardware and software

It is important to note that HIPAA covers all forms of PHI (protected health information), not just electronic records. This includes:

  • Paper records  
  • Films 
  • Electronic health information 
  • Spoken information 

While the safeguard practices above may create extra work for those in your practice, you can rest assured that they will keep your information safe. If you know that your information is safe and secure, you can focus your efforts on running your practice and keeping your patients satisfied. 

Maintaining Patient Trust  

When patients visit your practice, not only are they trusting you with their dental work, they are trusting you with all of the information that they provide you, allowing you to do your job. 

Now, with information being more accessible than ever, both your patients and your practice should be aware of the trust that is being placed in you. To best maintain this trust, it is recommended that you assign a member of your practice to ensure these standards are being met and maintained. This will help keep your practice and patients safe as technology continues to evolve.

If you’re looking to learn more about how to keep your practice’s information safe, contact us for further support!


Leah Crites

Leah started her career in the dental industry in 2002, managing one of North America’s largest dental practices. From there she moved on to run her own practice management consultancy firm, which focused on system development, implementation and performance analysis. Over the course of her career, and backed with over two decades of invaluable experience, Leah has become an expert in optimizing practices to deliver long-term growth. Now, as Vice President of Client Success at RecallMax™, Leah utilizes her passion to develop advanced education programs and provide consultative advice to dental practices across Canada and the USA. Leah is a Founding Advisory Board Member at Women in DSO, established in 2019 to empower and develop women leaders in the DSO and dental industry.