
Ensuring Effective Compliance in Your Dental Practice 

In a busy dental practice, it is difficult to make time to worry about compliance. You can spend days researching what you need to do for effective compliance. There’s a simple way to ensure HIPAA and OSHA compliance in your practice: following the Seven Elements of an Effective Compliance Program.

The Seven Elements of an Effective Compliance Program 

The Health Care Fraud Prevention and Enforcement Action Team (HEAT) Office of Inspector General (OIG) issued a series of guidelines called The Seven Fundamental Elements of an Effective Compliance Program.  

The Seven Elements articulate the measures that OIG has deemed absolutely essential to a compliance program that will effectively protect protected health information (PHI) and associated patient data, and ensure that federal compliance regulation is being maintained. 

  1. Implementing written policies, procedures, and standards of conduct 
  2. Designating a compliance officer 
  3. Conducting effective training and education 
  4. Developing effective lines of communication 
  5. Conducting internal monitoring and auditing 
  6. Enforcing standards through well-publicized disciplinary guidelines 
  7. Responding promptly to detected offenses and undertaking corrective action 

These guidelines are a bit broad in scope in order to accommodate the differences among healthcare organizations. However, the fact that practices manage their compliance differently doesn’t mean they aren’t held to the same standards with regard to their security, privacy, and safety practices.

Policies, Procedures, and Standards of Conduct 

Policies, procedures, and standards of conduct outline how your practice and employees are expected to behave. From a HIPAA standpoint, these should cover how to handle sensitive patient information, how the information is protected, and what to do if there is a breach. Regarding OSHA compliance, these will outline protection from hazards, disinfecting procedures, and reporting injuries or illnesses. 

Designating a Compliance Officer 

Designating a Compliance Officer is essential to ensuring that your practice follows policies, procedures, and standards of conduct. They are also responsible for handling responses to reported breaches or incidents, and implementing corrective actions. This person can be the same for HIPAA and OSHA compliance.  

Effective Training and Education 

All employees must receive HIPAA and OSHA training. Employee training protects both employees and patients. Without effective training, your practice is vulnerable to breaches, and staff and patients could experience an injury or illness that would otherwise have been prevented.

Employees must receive regular training, at least annually, or when there is a change in your practice. For example, if you were previously using only paper charts in your office and you switch to digital records, your policies and procedures must be updated and employees must be trained on how to use the system while maintaining patient confidentiality.

Effective Lines of Communication 

Effectively communicating to staff members their compliance obligations is essential. In addition, employees should be aware of whom to report suspected incidents, injuries, or illnesses to: your Compliance Officer.

Internal Monitoring and Auditing 

Ensuring employees are following compliance standards prevents violations and costly fines. Risk assessments and monitoring of HIPAA and OSHA efforts are also significant in compliance. Risk assessments identify where your policies, procedures, or standards of conduct are lacking. When there is a change in your business practices, conducting a risk assessment is essential to identify new areas of vulnerability.  

Well-publicized Disciplinary Guidelines 

Employees must be aware of repercussions for failing to follow HIPAA and OSHA guidelines. Without well-publicized disciplinary guidelines, enforcing compliance can be difficult and lead to unequal treatment of employees should a violation occur. 

Responding to Offenses and Corrective Action 

There are standards under HIPAA and OSHA for reporting and responding to incidents. Under HIPAA, breaches of patient information must be reported promptly. A breach affecting 500 or more patients must be reported within 60 days of discovery to the Office for Civil Rights (OCR). Breaches that affect fewer than 500 patients should be noted throughout the year and reported by March 1st of the following year. In both cases, patients must be informed within 60 days of discovery.

Under OSHA, injury and illness reporting requirements differ based on the severity of the incident. Some injuries must be reported immediately, whereas others give practices a grace period to do so. 

Contributed by Compliancy Group 

Compliancy Group provides dental practices with software to meet HIPAA and OSHA requirements efficiently. HIPAA and OSHA training, self-assessments, and policy management can be done in a central location. Because it is the only HIPAA and OSHA software endorsed by the AAE, dentists can be confident in their compliance program. Become compliant today!