Are Dentists Covered by HIPAA?

HIPAA Guidelines for Medical Offices - HIPAAGuide.net

Dentists are covered by HIPAA if they conduct electronic transactions for which the Department of Health and Human Services has published standards in Part 162 of the HIPAA Administrative Simplification Regulations. Dentists may also be covered by HIPAA if they provide services for or on behalf of a covered entity as a business associate.

The Department of Health and Human Services lists defines “covered entities” as healthcare clearinghouses, health plans, and healthcare providers. However, healthcare providers – which includes dentists – are only covered entities if they “transmit information in an electric form in connection with a transaction for which the Department of Health and Human Services has adopted a standard”. These transactions can include treatment authorizations, eligibility checks, claims for payment, and billing. 

One part of this definition in particular should be highlighted. Dentists are only considered to be covered entities if they transmit information in an electronic form. Of course, with the widespread use of modern technologies such as HIPAA compliant email, text messages, and other online forms, the vast majority of dentists will meet this definition. Even if dentists only use transmit protected health information (PHI) electronically for some of their transactions, all transactions that are undertaken by that dentist must be HIPAA compliant.

However, there may be a minority that does not meet this definition as they never transmit patient information electronically or do not use standardized transaction codes. (For example, if patients are billed directly). 

In some cases, HIPAA will not apply to dentists because a different, more stringent privacy rule takes precedent. This is the case when dentists are treating students. A student’s dental records are considered to be part of their education records, and are therefore covered by the Family Educational Rights and Privacy Act (FEPA). FERPA is more stringent than HIPAA, so it takes precedent. HIPAA may be similarly superseded by other State-level legislations that have  more stringent requirements. 

If a dentist works across different scenarios, some of which require HIPAA compliance, it is considered to be a hybrid entity. This may be the case if, for example, the dentist is based part-time in a publicly-funded school. 

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

HIPAA applies to dentists if they are contracted by other dentists to carry out specific tasks by another dentist. In these cases, a dentist is considered to be a Business Associate, and is subject to HIPAA. Their duties under HIPAA, and responsibilities in terms of the use and protection of PHI, will be laid out in the Business Associates Agreement between the dentist that is the Covered Entity and the BA. 

To ensure HIPAA compliance, dental practices must appoint a HIPAA Privacy Officer and a HIPAA Security Officer. These roles may be combined into a single “HIPAA Compliance Officer”. Indeed, if a dentist practices by themselves, they must appoint themselves the Privacy Officer. 

In summary, the answer to “does HIPAA apply to dentists” is not straightforward. However, in the majority of cases, HIPAA does apply to dentists, either because they meet the definition of a Covered Entity or because they are a Business Associate of a HIPAA-covered dental practice. 

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/