September 2013 HIPAA Update for Dental Labs
New HIPAA rules affecting dental labs are coming into effect on September 23rd. Called the “final omnibus rule”, they include increased fines for HIPAA violations and new requirements for reporting data breaches (see the Health and Human Services news release here). CORRECTION: in an earlier version of this post we said that labs need to sign business associate agreements with their doctors, which is incorrect. A couple of folks let us know the NADL has noted that labs do not need business associate agreements, and we’ve just spoken with their in-house counsel to confirm. Our apologies for any confusion about this issue.
Realistically speaking, the new rules don’t have a big impact on dental labs, since the amount of private patient information they handle is limited, and to date we’ve never heard of a dental lab getting in trouble for data breaches (read our blog post discussing whether labs should be sending patient-related emails to their doctor clients here). But to comply with the law, maintain your good relationship with your doctors, and properly handle patient health information, it’s a good idea to reach out to your clients if they haven’t already contacted you.
Further information on the new HIPAA rules:
HIPAA rules overview: www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html
Overview on the Omnibus HIPAA Rulemaking: www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/index.html