Quiz: How well do you know your HIPAA and OSHA responsibilities?

I routinely consult with dental practices that sincerely believe they know what their responsibilities and duties are when it comes to HIPAA and OSHA but, in reality, do not. Does your practice fall into that category?

If so, you could be putting at risk not only your patients but also the overall health and profitability of your practice. The reality is that you will be audited at some point, and possibly fined or otherwise ‘punished’, for non-compliance. As with the tax man, ignorance of the rules is NOT an excuse.

Take this brief true/false quiz to see how you rate. Answers follow, and please note, these questions do not constitute a comprehensive overview of current OSHA and HIPAA requirements. They are representative of just a few issues you may need to address.

  1. Patients must sign a release form before you can request a copy of their x-rays, whether digital or other, from a third party. T or F?
  2. You do not have to have a patient’s permission to use their photos in your marketing material or office display as long as the photo does not show their entire face. T or F?
  3. You must have a written and dated business associate agreement – including plumbers, office cleaners, IT staff, consultants, etc. – in which they acknowledge that they will be held responsible in the same way you are for protected health information. T or F?
  4. All new and existing patients are required to sign an updated notice of privacy form which includes the Security and HITECH Act. T or F?
  5. You must conduct spore testing at least once a week, unless the provider is not in the office, for instance, if the doctor is on vacation. T or F?
  6. Your emergency kit must be checked every 6 months, with your findings documented in writing, to make sure nothing is out of date. T or F?
  7. You must hold a mock fire drill, and review other emergency protocols, every time you hire a new employee. T or F?


ANSWERS

  1. Patients must sign a release form before you can request a copy of their x-rays, whether digital or other, from a third party. TRUE. You cannot request copies of patient x-rays (in any form) without a patient’s express, written consent, which should be made available to the Provider you are requesting x-rays from.
  2. You do not have to have a patient’s permission to use their photos in your marketing material or office display as long as the photo does not show their entire face. FALSE. You must have a Right of Likeness letter on file, signed and dated by the patient, before you can use their likeness in ANY form in your practice. This is good for one year only.
  3. You must have a written and dated business associate agreement – including plumbers, office cleaners, IT staff, consultants, etc. – in which they acknowledge that they will be held responsible in the same way you are for protected health information. TRUE. Your business associates are held to the same standard you and your team are when it comes to protected health information. They should see only the information that is pertinent to their job, nothing else. This agreement must be signed and dated. When HIPAA rules change, as they do, you must have new signed and dated agreements in place.
  4. All new and existing patients are required to sign an updated Notice of Privacy Statement which includes the Security and HITECH Act. TRUE. Rule changes have been implemented in the past 2 years which require updates to your Notice of Privacy Statement.
  5. You must conduct spore testing at least once a week, unless the doctor is not in the office, for instance, if the doctor is on vacation. FALSE. You must spore test once a week, and keep a log of those tests, even if the doctor is out of the office for any reason. If the office is closed completely, note this.
  6. Your emergency kit must be checked on a yearly basis, with your findings documented in writing, to make sure nothing is out of date. FALSE. Your emergency kit must be checked on a monthly basis, and your findings documented.
  7. You must hold a mock fire drill, and review and document other emergency protocols, every time you hire a new employee. TRUE, like it or not.

If you have questions about these topics or others, please contact Amy, or her colleague, Linda Harvey, both of whom will be happy to help you navigate the complex and often confusing ‘waters’ of required OSHA and HIPAA compliance.