The HIPAA Privacy Rule creates national standards to protect individuals’ medical records and other personal health information and to give patients more control over their health information. It sets limits on the use and release of health records. It establishes safeguards that providers and health plans must implement to protect the privacy of health information. The Privacy Rule provides that, in general, a covered entity may not use or disclose an individual’s healthcare information without permission except for treatment, payment, or healthcare operations. The Privacy Rule will require the average healthcare provider or health plan to do the following:
- Notify patients about their privacy rights and how their Information can be used.
- Adopt and implement privacy procedures for its practice, hospital or plan.
- Train employees so that they understand privacy procedures.
- Designate an individual to be responsible for seeing that privacy procedures are adopted and followed.
- Secure records containing individually identifiable health information so that they are not readily available to those who do not need them.
The rule also provides for reduced compliance for plans that share limited information with the plan sponsor. Other related regulations provide requirements for the security of health information; national standards for electronic healthcare transactions; and national identifiers for providers, health plans, and employers.
Omnibus Rule Update of 2013 – HIPAA Business Associate Agreements
The U.S. Department of Health and Human Services drafted the Privacy Rule so that it would not interfere with the sharing of information among health care providers for the treatment of patients. The Privacy Rule classifies dentists and the dental laboratories that fulfill dentists’ work orders for prosthetics as health care providers. Disclosures between you and Modern Dental Laboratory (“Modern”) for the treatment activities that the lab provides are explicitly excluded from the business associate requirements of the Privacy Rule. An Agreement is not required by the Privacy Rule for dental laboratory services that are customarily provided to the laboratory pursuant to your prescriptions.
The Office of Civil Rights (“OCR”), the Health and Human Services agency charged with HIPAA Privacy Rule enforcement provisions, said OCR agrees that dental laboratories are health care providers, so an Agreement is not required to share protected health information for treatment purposes. Modern does not receive patients’ telephone numbers, addresses, birth dates, social security numbers, medical records or data directly identifying individuals’ relatives, employers or household members, also known as Protected Health Information. Names that clients provide us are only used by us to help clients identify their cases.
Should you have further questions, we recommend you call the American Dental Associations HIPAA Hotline at 312-440-2899, Ext. 3 for a recorded message explaining that dental laboratories are not business associates.
Modern Dental Laboratory USA believes that the privacy of the dentist should also be protected. Our relationship is our most prized asset, so all information related to your practice is held completely confidential. We treat it the same as the patient – doctor confidential policy.
- Our client list is completely confidential. We do not share it outside of Modern Dental Laboratory USA.
- The only time your name will be associated with Modern Dental Laboratory USA is with your express permission.
In summary, we do not share any information concerning your practice or patients, without your permission.