This probably wasn’t on any dentist’s 2020 “bingo card.”
Proposed changes to the Federal Trade Commission’s (FTC) Health Breach Notification Rule could cause confusion with guidance from the Department of Health and Human Services (HHS), and the situation has drawn a response from the American Dental Association (ADA).
In an August 20th letter, the ADA noted that the FTC rule “does not apply to health information secured through technologies specified by HHS” and is not applicable to businesses or organizations covered by the Health Insurance Portability and Accountability Act.
That would leave HIPAA-covered entities, such as dental practices, following the HHS breach notification guidelines. However, many practices might not understand the carve-out for HIPAA-covered entities and send multiple notifications to patients.
Not only is this burdensome on practices and third-party service providers, it’s annoying and confusing for patients.
A Healthy Dose of Common Sense
In its letter, the ADA said it “strongly recommends” that the FTC and HHS work “closely together to assess the extent to which vendors of personal health records, personal health records-related entities and third-party service providers may be HIPAA-covered entities or business associates of HIPAA-covered entities.”
The final version of the FTC rules are likely months away, but these seem to “anything can happen” days. Hopefully, that inter-agency cooperation will happen, and common sense will rule.
For the moment, it appears that dentists should follow the HHS regulations for HIPAA-covered entities. However, SmartBox does not give legal advice. If you have any doubt, be sure to consult a knowledgeable attorney or seek clarification directly from HHS.
SmartBox employs the best minds in dentistry to help you grow your practice. Our Practice Growth System™ is proven to help dentists in every market area across the country achieve predictable year-over-year growth.