Dental practices, under HIPAA regulations, need to use software that both makes their work easier and safeguards patient data. It's up to practices to know when to use HIPAA compliant software and how to pick the best options to effectively meet HIPAA's standards.
Dentists and HIPAA compliance
Dentists become covered entities if they participate in electronic transactions for which the Department of Health and Human Services (HHS) has adopted standards. These transactions include payment and remittance advice, claims status, eligibility, coordination of benefits, claims and encounter information, enrollment, referrals and authorizations, and premium payment.
Additionally, even dentists who are not covered entities themselves may still be subject to HIPAA Privacy and Security Rules if they provide services on behalf of a covered entity.
Related: When is a dentist a covered entity?
When is HIPAA compliant software necessary for a dental practice?
Software must be HIPAA compliant if it touches upon protected health information (PHI) on behalf of a covered entity or business associate.
If a dental practice meets the definition of a covered entity, it must use HIPAA compliant software to handle electronic PHI (ePHI) and ensure the security and privacy of patient information.
Dental practices acting as Business Associates on behalf of a covered entity are similarly required to be HIPAA compliant. Therefore, they must use HIPAA compliant software to protect the patient data they access.
Related: Can software be partially HIPAA compliant?
Requirements for HIPAA compliant software
- Administrative safeguards: The software should have administrative measures in place to manage the selection, development, implementation, and maintenance of security policies and procedures. This includes conducting regular risk assessments, employee training on security practices, and establishing processes for incident response and contingency planning.
- Physical safeguards: The software should have safeguards to protect the physical systems and equipment that house ePHI. This includes access controls, secure storage, and policies for equipment disposal or re-use to prevent unauthorized access or breaches.
- Technical safeguards: The dental software should employ technical measures to secure ePHI. This includes access controls with unique user identification, encryption of data in transit and at rest, audit controls to track system activity and mechanisms for authentication and integrity checks.
- Privacy rule compliance: The software must adhere to the HIPAA Privacy Rule, which governs the use and disclosure of PHI. It should have features to handle patient consent, access controls for sensitive information, and mechanisms to enable patients to exercise their rights regarding their health information.
- Security rule compliance: The software must comply with the HIPAA Security Rule, which establishes standards for protecting ePHI. This includes safeguards for data integrity, data backups and disaster recovery, ongoing security management, and regular risk assessments.
- Business associate agreement (BAA): If the software provider acts as a Business Associate, they must enter into a Business Associate Agreement with the covered entity, outlining the responsibilities and obligations regarding the handling of ePHI.
- Breach notification: The software should have mechanisms to detect and respond to security incidents or breaches. It should provide processes for timely reporting and notification of breaches to the covered entity.
The role of HIPAA compliant email in dental practices
Patients will inevitably use email when asking about appointments, treatment, and overall dental health, so email encryption is a standard best practice. Secure, HIPAA compliant email may not be specific to the dental industry, but email solutions like Paubox encrypt all emails by default. That means no portals, passwords, or time spent removing PHI from emails when communicating with patients and laboratories.
Related: Why Google Workspace and Microsoft 365 aren't enough for complete HIPAA compliance
American Dental Association software recommendations
The American Dental Association (ADA) suggests several dental practice management software options that "provide a great deal in the ways of both functionality and user intuition." Below we have listed a few of the HIPAA compliant offerings suggested:
- iDentalSoft: This is cloud-based dental practice software that handles dental charting, patient scheduling, communication, reminders, billing, and more. The software's terms of service also state that it offers users a Business Associates Agreement and several privacy and security policies.
- Curve Dental: Curve Dental offers cloud-based software available in different packages. It manages patient scheduling, communication, payment information, tooth and periodontal charting, and digital imaging. Its website states they "closely follow privacy regulations, including HIPAA, which require that electronic private health information be transmitted and stored with the utmost security and care."
- Dovetail: This is tablet-based software that features illustrated dental records, patient scheduling, communication, paperless billing, and more. The website says, "From June 2022, we are offering a HIPAA add-on to our Enterprise bundle customer."
- ADSTRA dental software: ADSTRA handles patient scheduling, communication, teeth charting, and x-ray imaging. ADSTRA does offer HIPAA compliance but places the responsibility on the organizations it serves to maintain their own HIPAA compliant policies.
Related: HIPAA compliant email: The definitive guide
The holistic approach to HIPAA compliance
Using HIPAA compliant software is one step towards maintaining compliance with HIPAA regulations. However, the practice itself also has responsibilities to ensure its compliance. By combining HIPAA compliant software with proactive measures, dental practices can enhance their overall compliance with HIPAA regulations and safeguard patient information effectively.
Related: Do dentists need to comply with HIPAA?