Dental Offices May Be Fined for Slow Release of Copies of Dental Records
The Dental Board of California revealed in a recent report that some dentists in the state are not giving patients copies of their dental records promptly, which is a violation of the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule and state laws.
The State law BPC §1684.1 requires dental practices to give patients a copy of their dental records no later than 15 days after the submission of a request. Under HIPAA 45 CFR § 164.524, covered dental offices need to give patients their dental records within 30 days from the submission of a request. The HIPAA Privacy Rule additionally requires dentists to give a copy of patient records in the format requested, as long as the provider has the technical capability to provide copies of records in the format requested.
The Dental Board is authorized to cite and fine practices that have been found to have violated state laws. According to the 2018 Sunset Review Report for the California Legislature, citations had increased 36% in each of the past 4 years. Failing to give dental records copies within 15-days is one of the most frequently violated state laws for which dentists have been cited. The maximum possible fine for exceeding the 15-day deadline is $500 per day up to a maximum of $5,000.
Besides Dental Board penalties, not responding to the requests of patients for copies of their health data or exceeding the 30-day time frame could see dentists fined for noncompliance with HIPAA.
The Department of Health and Human Services’ Office for Civil Rights (OCR) fined Cignet Health of Prince George’s County $4,300,000 for violations of the right of access in 2011 and OCR has already stated his year that right of access violations are one area where enforcement activity will increase this year.
Dental offices discovered to be regularly denying patients a copy of their health information or those that are willfully not adhering to the 30-day period for providing copies of dental records could have to cover a sizable financial penalty for noncompliance.
