September 25, 2025
Smile! Members of your dental practice look at countless images of your patients’ pearly whites daily. However, it can be a major HIPAA violation if your practice doesn’t handle these images carefully. While X-rays of a patient seem anonymous, X-rays and patient medical imaging are considered Protected Health Information (PHI). PHI is health data that can easily be linked to an individual patient. In fact, X-rays also usually include further information, including a patient’s full name and birthday, to ensure they are appropriately assigned and shared with the right patient. The same goes for images of patients’ teeth taken with a traditional camera. HIPAA is about keeping patient information safe, protecting healthcare data, and holding everyone accountable. So, your practice’s job is to keep patient images from curious eyes peeking where they shouldn’t.
No Peeking!
When handling X-rays and other forms of dental photography, ensure that role-based permissions are correctly assigned. In other words, ensure that whoever has access to these images truly needs access. For example, your receptionist most likely doesn’t need access to a patient’s X-rays, but your head dentist would. Your practice must assign these roles to keep patient data safe and terminate any access once an employee leaves or roles change. A recent HIPAA fine highlights the importance of this, with an $800,000 fine after one patient became aware of improper staff access.
Your practice should also routinely monitor access to PHI, ensuring that a) the viewer is permitted to view the specific patient images and b) the time and duration of their review of PHI make sense. For example, your practice’s billing staff doesn’t need to look at a patient’s health records at 3 a.m. Noticing odd access to PHI lets your practice quickly catch issues, such as hackers.
Smile for the Camera (and get an Autograph!)
While it’s vital to keep patients’ medical images, such as X-rays and traditional photos, under lock and key, you can share these images publicly with the right documentation. Let’s say your practice wants to share a patient’s orthodontic journey with braces on social media with a before-and-after post. Before posting anything, make sure your patient signs a media consent form. These forms should be thorough and documented by your practice. A patient must be able to revoke consent easily at any time. Even with this consent, keeping any images as anonymous as possible is still best practice. You shouldn’t be tagging your patients in social media posts!
Smile with Compliance Confidence
As they say, a picture is worth a thousand words, and in healthcare, those words are PHI that must stay protected. Dental images play a key role in diagnosing and treating patients, which is why your practice needs to keep this form of PHI secure. With the right compliance solution, your practice can simplify HIPAA by managing everything in one centralized hub. Important documents, like media consent forms, are always easy to access. Connect with a HIPAA expert today to learn how to streamline compliance.
The Bite of HIPAA: True Stories of Dental HIPAA Fines
July 15, 2025
Running your dental practice comes with its unique set of challenges. You’re wearing multiple hats, and it’s a stressful fashion statement. While OSHA is always on your radar, just from the nature of dentistry, forgetting about HIPAA can be costly. If you think a small dental practice like yours would never be in the hot seat, you’d be mistaken. See how to avoid these common pitfalls in your dental practice, allowing you to continue running it effectively.
Time is of the Essence: Right of Access
The HIPAA Privacy Rule not only defines how Protected Health Information (PHI) needs to be secured but also how it needs to be shared with authorized parties. Right of Access is a part of this rule. This rule requires healthcare providers to deliver requested patient records within 30 days of the patient’s request. Gums Dental Care, a small Maryland dental practice, was fined for violating this HIPAA requirement. The patient initially requested their records in April 2019. The practice did not provide records until May 2022. The patient alerted the Office for Civil Rights (OCR), which started a long, overwhelming journey for Gums Dental. The OCR intervened countless times, requiring the practice to provide the patient with their records. The dental practice continued to refuse to provide the patient with records, leading to more legal battles, money, and time wasted. The grand finale? Over three years from the date of the first request, and after countless interventions from the OCR, the practice was fined $70,000.
Less is More
As the saying goes, “If you can’t say anything nice, don’t say anything at all.” This rule applies to all forms of communication and also works to avoid HIPAA violations. While social media brings people together, you must tread a fine line when handling PHI and posting online. One part of this is responding to patient reviews.
You cannot confirm or deny that a patient attended your practice, even if the patient is talking positively about their experience there. If you’d like to use someone’s story for marketing materials, like a before-and-after photo of their smile, ensure they sign a consent form. If someone leaves a negative review, you cannot defend your practice by sharing information about the patient. For example, if a patient consistently posts bad reviews but fails to mention that they are always late, you should not call them out publicly online. Instead, address the issue privately and communicate with them securely.
Dentists have been fined for social media violations. Dr. U. Phillip Igbinadolor, a dentist in North Carolina, lost his temper after a patient left a negative review on the practice’s Google page. After the dentist posted PHI in response, ridiculing the patient, the patient reported him to the OCR. As a result, the OCR fined the practice $50,000, showing that the price of failing to simply “keep your words to yourself” can be extraordinarily steep.
Coming Clean is Key
With cybercrimes in healthcare skyrocketing and large data breaches due to ransomware attacks increasing by 264%, having the proper safeguards in place is crucial. While no practice can be completely immune from a breach, the right barriers in place can mitigate risk and minimize impact. However, if your practice is breached, you must notify the OCR and patients quickly. Under the HIPAA Breach Notification Rule, patients must always be notified within 60 days, regardless of the size of the breach. If the breach affects fewer than 500, your practice must inform the OCR within 60 days after the calendar year in which the event occurred. If a breach affects more than 500, the OCR, and depending on the state, the Attorney General, must be notified within 60 days as well.
The Indiana Attorney General recently fined Westend Dental, a multi-location dental practice in Indiana, for its response to a ransomware attack. While the breach occurred in October 2020, the practice did not alert the required parties until October 2022, two years after the initial attack. The Attorney General began investigating this attack after a patient complaint, and it was then discovered that the practice attempted to cover up a ransomware attack. The investigation discovered that, in addition to violating the HIPAA Breach Notification Rule, Westend Dental had improper training, unprotected servers, no Security Risk Analysis (SRA), missing policies, and more. The outcome? A $350,000 fine from the Attorney General, highlighting the importance of proactive compliance and properly notifying affected parties after a healthcare breach.
How to Protect Your Dental Practice
While compliance for your dental practice might feel overwhelming, the right solutions can streamline your compliance program. Smart software solutions can pinpoint vulnerabilities and provide actionable insights to avoid common pitfalls dental practices face. The right compliance software can also provide a comprehensive hub for everything HIPAA-related for your practice, including Right of Access training, social media guidelines, and the SRA. Meet with a compliance expert today to learn more about streamlining compliance for your dental practice.
A Dentist’s Guide to OSHA Compliance
May 15, 2025
On a global scale, more than 2 million healthcare workers experience needle-stick injuries on an annual basis. Dentists are the most at risk, with 59% of dentists studied experiencing needle-stick injuries. Dentists are particularly susceptible to OSHA violations due to the daily use of sharps and the increased possible exposure to bloodborne pathogens and saliva when working in patients’ mouths. Protecting your dental team through safety and compliance isn’t just a good idea—it’s essential. Here’s a clear look at the standard preventive measures for OSHA in dentistry.
First Line of Defense: Training
There are numerous safety precautions to keep staff safe, but the first layer of protection is proper training and procedures. Before working with patients, staff must be thoroughly trained on the possible risks and mitigation techniques. Staff must also be provided a walk-through of the practice, ensuring they know where all emergency equipment and exits are located. Training programs must review all possible risks, like sharps, bloodborne pathogens, radiation, etc. Videos and training materials must be easily accessible for staff to review. All relevant policies outlining compliant procedures for various situations must also be accessible to all staff members. Training is the foundation of a compliant practice, and with proper OSHA in dentistry training, your staff can feel confident handling any situation.
Always Wear Personal Protective Equipment
While it might not always be the most fashionable decision, wearing Personal Protective Equipment (PPE) is imperative to keep staff safe. It is key that staff always wear PPE when working with patients. PPE includes gloves, masks, gowns, face shields, and more. By wearing PPE, your staff have a barrier when working with patients, minimizing the risks of exposure. PPE must be provided to staff free of charge, cultivating a safe environment.
Staff must also be appropriately trained to use PPE when working with patients, ensuring all know the necessary steps to protect themselves. PPE minimizes exposure to risks by limiting contact with patients, and is a staple for a safe healthcare practice.
Stay Sharp: Handling Needles Carefully
Dentists are well aware of the risks associated with working with needles, scalers, and other sharps. Use sharps carefully and utilize devices with safety features when working with sharps. Many sharps have preventative measures, like retractable needles after use, self-sheathing blades, and reinforced containers for sharps. When using sharps, ensure your staff wear gloves and other applicable PPE. Sharps handling, from initial use on a patient to disposal, requires strict adherence to safety protocols to minimize the risk of accidental sticks and the transmission of bloodborne pathogens.
Bloodborne Pathogens 101
Working in healthcare, especially dentistry, puts staff at risk for exposure to bloodborne pathogens. Bloodborne pathogens are microorganisms that cause disease, like hepatitis B, C, and HIV. The World Health Organization states that 3 million healthcare workers are exposed to bloodborne diseases through skin puncture injuries each year. With PPE and appropriate sharps equipment, your staff is already significantly mitigating risk. However, if a sharp needle or blade pricks a staff member, it is essential to receive first aid immediately to protect the wound. The staff member should have their blood tested as soon as possible. Depending on the situation, time is of the essence after a sharps incident. Some diseases, like HIV, can be prevented within 3 days of exposure. While it can be overwhelming, staff must stay calm and follow the proper procedures after an incident, with most sharps incidents not resulting in an infection.
Simplifying OSHA Compliance
As you can see, handling OSHA compliance in dentistry can be daunting.
With the correct compliance program to address numerous risks, your dental staff can feel secure and concentrate on delivering excellent patient care. Intelligent OSHA software offers automatically generated policies, required forms, and training resources in a centralized compliance hub, providing a documented compliance program for your team. Meet with a compliance expert today to learn more about how you can streamline your OSHA compliance program.


