In 2020, during the height of the COVID-19 pandemic, the Department of Health, and Human Services (HHS) Office for Civil Rights (OCR) decided it would temporarily relax guidelines for HIPAA compliance via teledentistry for covered healthcare providers. This temporary policy was important under the COVID-19 Public Health Emergency (PHE) and allowed teledentistry providers to continue patient care.
HIPAA compliance for teledentistry is not new. In fact, for several years prior to COVID, teledentistry best practices and regulations emphasized the need for data security and HIPAA compliance in both asynchronous (recorded) and synchronous (live) modes.
HHS temporarily suspended these best practices during the pandemic to ensure dental emergencies could be triaged and dentists and patients could stay connected to care while dental practices were shut down. Often during the pandemic patients were provided with interim measures, such as prescriptions for antibiotics and pain control medications while a strategy was put in place for safe treatment options.
In an effort to maintain patient engagement and practice loyalty while unable to physically see their patients, many DSOs opted to implement easy to use, yet robust, secure and HIPAA compliant teledentistry solutions such as TeleDent by MouthWatch. This enabled dental groups and DSOs to continue to provide patient care that did not require in-office treatment, such as virtual evaluations and consultations and guidance for preventive oral care at home.
However, many other DSOs and groups quickly gravitated towards technologies they were already using and familiar with, such as business-oriented video conferencing software, phone calls and/or social media video applications. At the time, this was understandable, considering the lack of availability of in-person dental care due to an effort to mitigate risks of exposure to an unknown respiratory infection.
But these technologies that were once acceptable as substitutes for compliant teledentistry solutions can no longer be used for this purpose. That’s because the Human Services (HHS) Office for Civil Rights (OCR) announced that its suspension of the temporarily relaxed teledentistry guidelines, which expired at 11:59 p.m. on May 11 due to the end of the PHE, will once again impose penalties for HIPAA noncompliance against covered healthcare providers. What’s more, it announced that dental offices would have until Wednesday, August 9th to implement a HIPAA complaint teledentistry and/or patient monitoring solution. The penalty for not doing so can be tens of thousands of dollars, at the discretion of the agency.
Perhaps most importantly, patient data, when not adequately protected, is highly vulnerable to hackers who are highly incentivized to steal your patients’ data. That’s because patient health records command the highest price on the illegal market. In 2020, Experian reported that “a single patient record can sell for upwards of $1,000 on the black market, depending on how complete the record is – This is nearly fifty times higher than standard credit card records.”
The reason for this is that patient health records usually contain an individual’s most complete personal and demographic information, compared to that of a single piece of information revealed during a financial services breach.
The clock is rapidly ticking for DSOs and dental groups to select and implement a HIPAA compliant teledentistry platform, which can present a new opportunity to drive efficiency and enhance the patient experience. But this is not necessarily a bad thing. The COVID pandemic revealed and re-emphasized the many non-emergency benefits of virtual consultations, including significant improvements in the following areas:
- Explaining treatment plans, patient education and a consistent and correct home care program tailored to your patient’s needs.
- Increasing case acceptance
- Improving efficiency and clinical workflows
- Reserving chair time for treatment
- Improving patient convenience, and
- Reducing No-Shows
To leverage the non-emergency benefits of teledentistry while also maintaining HIPAA compliance, here are a few questions to keep in mind when selecting the right solution for your group or DSO:
- Is it HIPAA compliant?
- Was it designed specifically for dentistry?
- Does it use end-to-end encryption for security?
- Can it be integrated with your practice management software system?
- Can patient data be easily stored, organized, and retrieved?
- Can it efficiently scale to accommodate demand during busy times, like at the end of the year or before school starts, or when groups or DSOs are scaling up to meet growing demand?
- Does it include a secure patient portal for clinical interactions with patients, including their secure access to PHI?
- Is it mobile friendly for both patients and providers?
- Can it operate in asynchronous (recorded), as well as synchronous (live) modes?
For a comprehensive list of questions to ask a
prospective teledentistry vendor, click here.
With the sunsetting of COVID-19 PHE, groups and DSOs will need a HIPAA-compliant teledentistry solution to avoid potential fines and penalties. There’s very little time to evaluate options and ensure you select a solution designed specifically for dentistry that delivers practice building benefits, while also protecting your patient’s personal information, August 9th is the deadline!
About the Author:
Jamie Collins, RDH-EA,BS, is a licensed hygienist in Idaho and Washington states dedicated to advancing the dental profession. With over twenty years in the dental field, Jamie continues to be involved in many aspects of patient care. Her passion for patient care, especially for those with higher risk factors, motivates Jamie to share tips and tricks of the dental profession. Through speaking engagements and writing over 80 articles for various publications, Jamie educates dental professionals worldwide. She is the recipient of the 2021 and 2022 ADHA Trailblazer Award and was the first recipient of the ADHA Standout Seven Corporate Hygienist award in 2022. Jamie is Director of Sales at MouthWatch, LLC (www.mouthwatch.com) and Dentistry One LLC (www.Dentistry.One) and can be contacted at firstname.lastname@example.org.