
How to Make Sure Your Dental Practice Follows Privacy Laws (HIPAA & PIPEDA)


Whether you are a practice owner or office administrator, your patients' privacy has to be held to a high standard. In today's world, privacy has never been more important. Patients are trusting your practice to keep their medical and personal information safe.

HIPAA and PIPEDA are both laws intended to keep patients' information protected and secure. These laws are especially important to dental practices and need to be followed.

Keep reading to make sure your practice is following HIPAA or PIPEDA.


Background on HIPAA & PIPEDA

Before we get started on how to properly comply with HIPAA or PIPEDA, it is important to understand why these laws are in place and how they affect your practice. 

Now that information travels faster than ever with technology, the privacy and protection of this information is extremely important. Our personal information can be used in numerous negative ways, harming ourselves and those close to us. Information that is discussed in a medical sense is at the top of this list. Because of this, both the United States and Canadian governments have implemented laws to protect patients and their information.

PIPEDA

The Personal Information Protection and Electronic Documents Act (PIPEDA) deals with the collection, use, and disclosure of personal information for commercial activity in Canada. Essentially, if your practice collects information from patients, it can only be used for the purpose that it was collected for. If you wish to use it for another purpose, you must obtain consent from the patient.

Provinces such as Alberta, British Columbia, and Quebec have their own privacy laws, similar to PIPEDA. These laws have been put in place to protect the privacy and personal information of consumers. 

HIPAA

Similar to PIPEDA, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to the United States. To protect individuals and their health information in the digital age, the government mandated that health plans, health care clearinghouses and all health care professionals that keep information electronically abide by HIPAA.

HIPAA safeguards when information can be disclosed and doesn't allow practices to share any information without patient authorization. HIPAA has continued to be updated as technology has grown. In December 2000, the government added a Privacy Rule to protect individually identifiable health information. As well, in February 2003, they added a Security Rule to protect confidentiality.

PIPEDA Compliance

To help businesses better understand PIPEDA, the government has provided a list of information that the act covers, as well as principles that should be followed by all businesses that collect information from their customers or patients.

The following fall under PIPEDA:

  • Age 
  • Name 
  • ID numbers 
  • Income 
  • Ethnic origin 
  • Blood type 
  • Opinions 
  • Evaluations 
  • Comments 
  • Social status 
  • Disciplinary actions 

As this information is often collected by dental practices, it is important to know that it cannot be distributed without the consent of your patients. 

PIPEDA Principles 

To ensure your practice remains compliant, PIPEDA provides ten principles:

  • Accountability
  • Identify purpose 
  • Consent 
  • Limit collection 
  • Limit use, disclosure and retention 
  • Accuracy  
  • Safeguards 
  • Openness
  • Individual access
  • Challenging compliance

By practicing the principles above you can ensure you are keeping your patient information safe. 


HIPAA Compliance 

Similar to PIPEDA, the United States Government has provided a list of physical and technical safeguards that must be met for HIPAA compliance. These safeguards are put in place to protect your patients' information from getting into the wrong hands.

HIPAA physical safeguards include:

  1. Limited facility access and control with authorized access in place 
  2. Policies around access to workstations and electronic media 
  3. Restrictions for transferring, removing, disposing, and re-using electronic media and ePHI

HIPAA technical safeguards include: 

  1. Using unique user IDs, emergency access procedures, automatic log-off, and encryption and decryption
  2. Audit reports or tracking logs that record activity on hardware and software

It is important to note that HIPAA covers all forms of PHI.

This includes:

  • Paper records  
  • Films 
  • Electronic health information 
  • Spoken information 

While the safeguard practices above may create extra work for those in your practice, you can rest assured that they will keep your information safe. If you know that your information is safe and secure, you can focus your efforts on running your practice and keeping your patients satisfied. 

Maintaining Patient Trust  

When patients visit your practice, not only are they trusting you with their dental work, they are trusting you with all of the information that they provide you, allowing you to do your job. 

Now with information being more accessible than ever, your patients and your practice should be aware of this trust. To best maintain this trust, it is recommended that you assign a member of your practice to ensure these standards are being met and maintained. This will help keep your practice and patients safe as technology continues to evolve.

If you’re looking to learn more about how to keep your practice’s information safe, contact us for further support!

Written by Leah Dennis

Director, Client Success

Leah's passion lies in ensuring our clients thrive. Thriving clients have a great experience, and our company builds lasting relationships that drive our reputation as the authority on Dental Management Systems. Systems create an organized, predictable environment in which teams can flourish. Leah's years of experience as a Practice Management Consultant have given her key insights into what works well by putting RecallMax to work in the real world and understanding what our dental teams face on a daily basis.
