The National Association for Dental Labs has spent a considerable amount of time analyzing the impact of new HIPAA rules on dental labs. To follow up on our post last month, we wanted to share part of a recent statement they released on new HIPAA rules for dental labs:
Over the past couple of months we have been receiving an increased numbers of calls from NADL Members who are sharing that they are being asked by their client dentists to sign a HIPAA “Business Associate” Agreement.
The likely reason that you may be receiving more questions regarding whether dental labs are required to execute a business associate agreement is that the U.S. Department of Health and Human Services (HHS) made some modifications to the HIPAA Rules earlier this year. HHS’ new rules broaden HIPAA’s definition of Business Associate to include a whole new group of entities, giving them until September 23, 2013 to be HIPAA compliant.
HIPAA was never intended to prevent health care providers from sharing Protected Health Information (PHI) for the purpose of treating a patient. Accordingly, HIPAA Rules have in the past provided that a covered entity is not required to enter into a business associate agreement with the recipient in order to share protected health information for the treatment of an individual. (Previously in 45 CFR 164.502(e)(1)(ii))
While the HIPAA rule changes have removed this exception, the good news for dental laboratories is that the HIPAA rule changes have modified the definition of "business associate" itself to specifically exclude the recipients of protected health information in these circumstances. Specifically, dental laboratories are excluded from the HIPAA definition of a “business associate” and consequently are still not required to execute a business associate agreement. (See 45 CFR 160.103(4))
The following phone number may be helpful if you receive any question about business associate agreements in the future. By calling the American Dental Association’s HIPAA Hotline at 312-440-2899, ext. 3 a dentist or other caller may verify that a business associate agreement is not required for a dentist to share protected information with a dental laboratory.
Of course, even though a business associate agreement is still not required, dental laboratories continue to apply reasonable safeguards to protect a patient’s protected health information from inappropriate use or disclosure.
NOTE: SoundTrack software complies with HIPAA data protection standards so our dental lab users can focus on what they do best: fabricating restorations.