Read the book A Dentist’s Guide to the Law - American Dental Association - Page 48

28. Does HIPAA Impose Requirements Related to Dental Office Design?

HIPAA does not mandate specific office design features, but the HIPAA rules do require covered entities to have reasonable and appropriate physical safeguards to protect the privacy and security of patient information. Facility security and contingency planning are two areas of the HIPAA Security Rule that may influence dental office design decisions.

For example, HIPAA requires a covered dental practice to adopt reasonable and appropriate policies and procedures to protect patient information and related buildings and equipment from natural and environmental hazards and from unauthorized access. Some of HIPAA’s physical security safeguard standards can be adjusted according to factors such as the dental practice’s size, complexity, capabilities, and budget.

The HIPAA Privacy Rule requires covered dental practices to reasonably safeguard patient information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure. In some covered dental practices, such reasonable safeguards may involve dental office design decisions. According to the Office for Civil Rights, “[t]he HIPAA Privacy Rule does not require that all risk of incidental use or disclosure be eliminated to satisfy its standards. Rather, the Rule requires only that covered entities implement reasonable safeguards to limit incidental uses or disclosures.”3

Dentists who are covered by HIPAA probably do not need expensive structural changes such as private, walled-off operatories or overall office soundproofing. However, dentists should evaluate their office designs under applicable federal and state privacy laws to determine which safeguards are required, how to protect patient information in compliance with the law, and which office design choices are reasonable and appropriate to protect the privacy and security of patient information.

Office design features that can help protect privacy and security include:

• Exterior locks on doors and windows

• Locks on nonpublic areas of the dental office

• Workstations that cannot be viewed or accessed by the public

• Secured entrances to areas where patient information is stored

• Consultation areas and operatories where patient information can be discussed without being overheard

• Secure disposal of electronic and paper patient information in accordance with a document retention system that meets applicable federal and state law

• Secure data backup and storage systems

Although HIPAA does not mandate specific dental office design features, HIPAA compliance considerations may influence dental office design trends over time. For example, offices with open operatories may incorporate curtains or sliding doors. Floor plans may help prevent unauthorized access to patient information (for example, floor plans that direct foot traffic flow away from areas where patient information may be accessed, such as the front desk). Products marketed to protect and secure patient information (such as easily locking cabinets) may become more prevalent. While some of these changes may not be specifically required by HIPAA, they may make good compliance sense for both HIPAA and state privacy laws, so they are likely to take root in designers’ thinking about dental office design.

Unauthorized access to patient information can result in reputational and financial harm to the patient; for example, if a Social Security number is stolen, or if patient information is disclosed to an unauthorized individual. Unauthorized use or disclosure of patient information can also cause reputational harm to a dental practice, as well as the financial burden of complying with breach notification laws and the risk of penalties for noncompliance. Keeping privacy and security in mind when designing a dental office can help protect both patients and the dental practice.
