Dentists should be aware that new HIPAA rules may apply when patients request an electronic copy of their information from dental practices that maintain electronic records.
The new rules took effect in March and required compliance by September 23, 2013, according to an ADA press release.
If patients request their records in unencrypted emails, practices may be required to provide the information that way if the patient has been advised of risks that unencrypted emails may be accessed by unauthorized third parties.
HIPAA requires that dental practices have reasonable safeguards to ensure that correct email addresses are used. Practices are not responsible for the email while in transit or once it is delivered to the patient.
Dental practices may want to consult an attorney to determine whether they are covered by HIPAA and how to respond to patient requests to comply with state and federal laws.
The updated "ADA Practical Guide to HIPAA Compliance Privacy and Security Kit" provides information on the new rule and a detailed explanation of the procedures for responding to patient requests for copies of electronic records, including email responses. ADA sells the guide (J598) at www.ADAcatalog.org or through member services at 800-947-4746.