A recent $5,500 fine imposed by the Office of Civil Rights (OCR) on a North Texas dentist is the epitome of a camel’s-nose-under-the-tent storyline.
Said dentist had a patient upset that his PHI was displayed on the computer screen in an operatory for what he felt was an inappropriate amount of time. The patient filed a complaint with OCR, and a two-day investigation ensued.
The five-minute timeout on the computer screen wasn’t considered excessive. But the investigator discovered two significant violations. First, the Notice of Electronic Disclosure form was not posted in the office as required by law. That resulted in a $500 fine. In addition, the office had no HIPAA policies and/or procedures in place to protect their patients’ Protected Health Information (PHI). The fine for that was $5,000.
HIPAA and OSHA compliance share two traits. First, neither are optional; they’re the law. Second, a practice owner is one anonymous phone call away from an investigation. As you can see, complying with requirements pays long-term dividends.
If “Notice of Electronic Disclosure,” “HIPAA Policies and Procedures,” or “HIPAA Risk Assessment” have you scratching your head, don’t brush them off. Just as small, one-surface cavities are easy to treat when detected early, but can jeopardize one’s health if ignored; ignoring these puts your practice at risk. Smart Training’s compliance experts have completed over 1,000 inspections of dental practices all over the country and can help your practice.