My Free Audit & Consultation
Client Portal & Support

Startup or Not, This Is Your Ultimate HIPAA Checklist

Post Contents

Let’s bust a myth: your IT department, company, or team isn’t responsible for providing HIPAA
compliance. It’s a common assumption. After all, your IT team often handles sensitive patient
information – a key aspect of HIPAA.
However, compliance actually relies on consistent documentation and action plans. These are enacted
and overseen by the management. That being said, whether you’re an established practice or a dental
office startup, great IT companies know they’re the most qualified to handle this role with the greatest
access.
Usually, that results in an IT support company leading the compliance efforts as a partner to their client
– even if they’re not directly responsible.
So, if this is news to you or you just want to revise your regulatory knowledge, we’ve got a complete
HIPAA compliance checklist to go through. Tick off what you’ve done and set up plans to rectify any
issues.
Let’s get started!

Your Ultimate HIPAA Checklist

Since its inception, the Health Insurance Portability and Accountability Act (HIPAA) sought to set clear
standards for the protection of sensitive patient data. Governing healthcare providers, including dental
office startups, it ensure that they, as the custodians of Protected Health Information (PHI), take the
necessary measures to safeguard the information entrusted to their care. That covers everything from
privacy to security.

Use the following sections below (the HIPAA checklist) as a roadmap for HIPAA compliance within your
dental practice:

Understanding the Basics

HIPAA’s reach covers almost all aspects of dental practice’s operations, from booking appointments
to dental referrals. The fundamental first step in being compliant is understanding the act – and its
primary Privacy, Security, and Breach Notification Rules.
Passed in 1996, data privacy and breaches used to refer to paper records and some computer systems.
However, in the years since, the risk of data breaches from cyber-attacks has grown, changing how
providers follow the regulations.

Most important is keeping your staff up-to-date with the latest advice – which could include regular
newsletters, webinars, or consultations with compliance experts.

HIPAA Compliance Officer Designation

The biggest step in your HIPAA compliance checklist (and must-do for dental office startups) is to
designate a HIPAA Compliance Officer(s). This individual is responsible for ongoing training and
compliance measures, and their duties span the entire practice.
They’ll require the necessary resources to carry out their duties and act as a point of contact for HIPAArelated queries or concerns.

Risk Assessment

Performing an initial comprehensive risk assessment is imperative for a dental office startup. However,
risk assessments aren’t a one-off occurrence but a routine aspect of daily life. You should schedule risk
assessments regularly to detect new vulnerabilities or changes in practice operations.
Furthermore, if there is a substantial change in risk assessment, bringing an assessment forward can
be sensible, e.g., if you’ve moved to new premises or overhauled your IT system.

Develop Policies and Procedures

Based on your risk assessment and practice requirements, you’ll need to draft policies and procedures
for handling PHI. These documents serve as a blueprint for practice operations and should be kept up
to date with the law and any changes.
Staff training is non-negotiable. From the receptionist to the dental hygienist, all staff members should
be familiar with your policies and procedures and any other aspects of HIPAA compliance. The session
should occur upon hiring and periodically thereafter.
Remember! Document these training sessions – you want a clear paper trail of compliance.

Patient Access and Safeguards

Patients have fundamental rights concerning their PHI. Protecting these rights is a dental practice’s
duty, including providing access to records and the ability to request amendments. However, you must
use secure methods to verify the identity of individuals who request access.
That requires technical and physical safeguards.
Technically, all patient data should be encrypted when stored and transmitted. That means even if it is
intercepted, nobody can access the data. Moreover, firewalls, antivirus software, and intrusion
detection systems should be in place (alongside strong password policies and even multifactor
authentication) to keep the system continually secure.
Physically, access to workstations and the overall premises should be limited. Locks, alarm systems,
and other security measures are expected, as is the correct disposal of sensitive information.

Patients should be informed about how their PHI is used and protected within the practice. Usually, this
is done through a Notice of Privacy Practices available to all patients.

Incident Response and Reporting

Of course, nothing always runs smoothly. That’s why your HIPAA compliance checklist requires
developing and implementing an Incident Response Plan. This should cover the reporting requirements
for breaches and have a protocol for notification.
Like all the other plans described in your checklist, keeping it updated with the latest guidance and
practices is critical.
On the other hand, you must also establish a protocol for handling complaints related to privacy
practices. That covers everyone from patients to staff – including applying appropriate sanctions to staff
members who violate HIPAA policies.

Documentation and Record Retention

Every plan, action, and conversation related to the topics listed here in the HIPAA compliance checklist
should be documented. It’s not uncommon for a dental office startup (or even some experienced
practices) to treat documentation as something nice but unnecessary.
That’s a mistake! Maintaining documentation of HIPAA compliance efforts and policies over the
previous six years is required and also covers your practice should a complaint or issue be raised. Don’t
leave your documentation in a dusty folder – keep it up-to-date and review it regularly to ensure it
reflects current practices and compliance.

Closing Thoughts

Adherence to this HIPAA compliance checklist isn’t an optional extra; it’s the law. Practices found to be
in violation of the act, whether they’re a dental office startup or long-standing practice, can and will be
prosecuted.
Remember, compliance is an ongoing process that requires continuous attention and adaptation.
While your IT services will be heavily involved, they are not ultimately responsible for noncompliance –
that’s the responsibility of your compliance officer.

Sources and Credit:
https://www.hipaajournal.com/hipaa-compliance-checklist/
https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/HIPAAPrivacyandSecurity.pdf

Who Hacked HenrySchein? Blackcat – A Russian Hack for Hire Criminal Ring

Read More >>

Mental Health in Dentistry – Malign Stress

Read More >>

Futureproofing Your Practice with the Right Dental IT Support Company

Read More >>

Dentist IT Support and Why You Can’t Do It All

Read More >>

Great IT Makes Money While Good IT Only Saves It. Complex Issues in the Dental Office and Untapped Opportunities

Read More >>

Why Your Dental Support Group May Not Protect You Enough

Read More >>

Spotify

Get relevant content early. Make your custom Newsletter now…

Who Hacked HenrySchein? Blackcat – A Russian Hack for Hire Criminal Ring

Read More >>

Mental Health in Dentistry – Malign Stress

Read More >>

See More News & Alerts
Linkedin Spotify Icon-Xx