By Paul Feuerstein, DMD
HIPAA and EHRs (electronic health records) are two abbreviations that have received much attention recently. HIPAA has some critically important changes that relate to dental practices while the EHR does not have federal mandates that apply to all dentists in 2014.
On April 26, 2004, President George W. Bush announced: "Within 10 years, every American must have a personal electronic medical record ...." In late 2005, the Healthcare Information Technology Standards Panel was commissioned by the U.S. Department of Health and Human Services. The panel's role was "to harmonize and recommend the technical standards necessary to assure the interoperability of electronic health records."
The inference was that by 2014 dentistry would be required to be chartless. This is admirable in some respects and controversial in others. It would be great if a patient who is moving or being referred to another office could have all the dental records transferred at the push of a button. No more photocopies of illegible charts or unreadable paper copies of radiographs.
One of the overlying issues is that there are many practice-management systems that dentists use. They are not interoperable, and the data is stored differently as anyone who has changed software and done a data conversion can attest.
To be sure this concept is being addressed, companies have to keep in mind that this has to be quite secure and privacy is maintained as I will outline later in this column.
According to the ADA, there is no mandate to have these electronic records by 2014. The ADA clearly states, "For the vast majority of dentists, there is no fixed deadline to switch to electronic health records. The deadline exception is for dentists who bill Medicare for patient services. For these dentists, starting in 2015, Medicare reimbursement rates will be affected if ‘meaningful use' of EHRs has not been demonstrated."
The important news for dentists, though, is the new HIPAA Omnibus Act. The deadline was Sept. 23, 2013 and the act's regulations are very specific. In addition, there will be strict enforcement for noncompliance including large fines. No excuses such as "I didn't know about this" will be accepted. Don't waste any time. The fines range to as much as $1.5 million.
Many of these rules pertain to practice-management system computer security. Others are changes to the forms that patients sign while still others are related to such items as employment contracts in the office. This outline is from my Massachusetts Dental Society.
Dental practices had until Sept. 23, 2013, to comply with the provisions in the 2013 Omnibus Final Rule, which requires covered practices to update their compliance policies, procedures, and documents, such as Notice of Privacy Practices and Business Associate Agreements.
Some major changes as a result of the Final Rule are:
- Modification to the Notice of Privacy Practices
- Changes to business associate responsibilities
- Changes to business associate agreements
- Requirement for providing patients with electronic copies of their records in certain circumstances
- Restricted access to information for a service that the practice has been paid for in full
Keep in mind that offices will have to secure, monitor, and maintain all aspects of the technology used in the office including networks and backups, both of which contain patients' personal health information.
To help members comply with the Final Rule, the ADA offers a HIPAA compliance kit and an online continuing education course.
The compliance kit – Practical Guide to HIPAA Compliance, Privacy, and Security Manual – was developed for dentists, and provides a step-by-step plan to prepare and implement a compliance program. The kit reflects changes that have been prescribed in the 2013 Final Rule, and includes sample policies and procedures, a sample Business Associate Agreement, and a sample Notice of Privacy Procedures.
Members can order the compliance kit at a reduced rate from the ADA catalog. The details are at http://www.ada.org/8753.aspx. For members, information on EHRs is available at https://www.ada.org/members/6212.aspx (login required).
This is real. If you haven't started, you are already past the deadline!
Paul Feuerstein, DMD, installed one of dentistry's first computers in 1978, teaching and writing about technology since then while practicing general dentistry in North Billerica, Mass. He maintains a website (www.computersindentistry.com), Facebook page (Paul-Feuerstein-DMD-Dental-Technology), is on Twitter (@drpaulf), and can be reached via email at [email protected].