Dental and Vision Providers: The 3 Cs for Managing a HIPAA Breach

Posted by Deborah Pinnock on Oct 27, 2016 3:50:28 PM



Many healthcare organizations can blame healthcare breaches for the stiff penalties they have faced, including a spot on the Office of Civil Rights wall of shame. In 2015 alone, there were 253 healthcare breaches that impacted 500 or more individuals. This means that over 112 million patient records were compromised. But before you breathe a sigh of relief and move on to the next item on your busy to-do list, it’s important to know that HIPAA breaches and consequences are not just limited to large organizations.

Whether you are a solo dentist or optometrist, or a member of a group practice, you are also susceptible to a HIPAA breach. And what’s more, based on their announcement over the summer, the Health & Human Resources Office of Civil Rights plans to start focusing on groups that have incidents involving fewer than 500 individuals. As such, it’s important for you to know ahead of time how to manage a HIPAA breach if or when one occurs. Here are three Cs that will help you understand the steps to take.


Step 1: Clarify

The first step in managing a HIPAA breach is to clarify what is considered a breach. The U.S. Department of Health and Human Services defines it as, “An impermissible use or disclosure of protected health information.” This protected health information (PHI) must be considered unsecured, meaning it is readable, usable or decipherable to unauthorized individuals via technology or other methods.


Step 2: Confirm

Once you are clear on the official definition of a breach, take a close look at the details of your office’s incident to confirm if your patients’ information has truly been compromised. Keep in mind, once unsecured PHI has been disclosed to an unauthorized individual, it is categorized as a breach; however, it’s possible that the status of the situation can change if your office can show that the possibility of compromise is low based on its assessment of the following:

  • The type of details in question and the possibility that these could be used to identify the patient
  • The individual(s) who has or was given access to the patient’s PHI
  • Whether the protected health information was seen or obtained
  • The degree to which steps were taken to ensure that this information was secure and not easily accessible  


Step 3: Communicate

If you determine that a breach has taken place, communicate, communicate, communicate! Here are the people that you should notify:

  • The affected individual. Within 60 days of realizing that there is a breach, your office must make every effort to notify the person(s) in writing and advise them that their information has been compromised. You may email patients if appropriate arrangements were made to do so beforehand. Additionally, if you are unable to contact 10 or more patients, you may utilize your website or broadcast media to notify them.


  • The media. If the breach impacts over 500 residents in a state or jurisdiction, your office must reach out to a major media group via press release or other means and make them aware of the incident. This must be done within 60 days after the breach.



You and your staff work hard every day to provide dental or vision care for your patients. Not only are you providing treatment plans and counsel on how your patients can stay healthy, you are also processing claims, interacting with insurance companies, managing your staff, doing your best to adhere to the HIPAA Privacy Rule, keeping patient records intact and much more. But you’re not perfect. Despite your best efforts, you may have an incident where your patients’ information is disclosed inappropriately. So, take steps to train your staff and create a plan to protect your patients’ PHI. However, be ready to clarify, confirm and communicate if Murphy’s law strikes.

