Brosy Family Dentistry

Hippa & Privacy Policy

HIPAA & Privacy Policy

Privacy—it’s something we all value, even if there’s nothing particularly sensitive in our personal information that could possibly be used against us. Just the same, we like to know that certain information will be disclosed only to the people to which we choose to disclose it. Patients of those working in health care services want to know that they can trust that their information will not be shared with anyone who does not have a legitimate need to know it. As of April 14, 2003, the management of patients’ information is held to new privacy standards. These standards, part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, require some extra work on the part of dental offices.

Dentist offices are subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996

HIPAA was enacted originally to address the electronic transmission of health information. However, in 2001, the privacy rule was created by the Department of Health and Human Services, the entity responsible for monitoring compliance with HIPAA. In addition, HIPAA requires security to be in place in the event that protected health information is disclosed.

The HIPAA Privacy Rule

HIPAA is applicable to protected health information. Protected health information is any oral or written information about a patient that relates to the physical or mental condition of a patient. HIPAA applies to “covered entities,” which are statutorily defined as those entities which receive, use or are exposed to protected, private patient health information. Therefore, dentists’ offices are included in HIPAA’s reach.

HIPAA Privacy Rule Compliance

In order to comply with HIPAA, it is necessary for a dental office to take measures to protect the patients’ protected health information. One routine dental office procedure to comply with HIPAA includes having patients sign a document which states who can receive their health information. Furthermore, the dental office must create and maintain a HIPAA privacy policy and procedures in order to comply with the privacy rule. In addition, the office usually presents an explanation of the privacy policies and procedures for the patients’ review and acknowledgement.

HIPAA Security Rule

Pursuant to HIPAA, there must be security efforts by a covered entity which handles the electronic storage and transmission of patient protected health information. This is known as the HIPAA security rule. Under this rule, a provider has to provide HIPAA employee training in the handling of patients’ electronic records. In addition, the computer system must be password protected, contain back up emergency disaster plans and firewall protection. Therefore, a dental office must take steps to ensure the office complies with this requirement. In addition, the patient must be notified if there are any security breaches.

HIPAA and Paper Transactions

It is important to note that a dental office may possibly be exempt from HIPAA. If a dentist handles insurance or other business transactions on paper, that transaction is not subject to the privacy rules. However, when the paper is exchanged or input into electronic form at some point, such as where the paper is submitted to an insurer, then the transaction is subject to HIPAA.

HIPAA Enforcement

In 2006, the final enforcement rule for HIPAA was released. This enforcement rule indicates the procedure for complaints of HIPAA violations and provides for civil monetary penalties that can be assessed for violations of HIPAA. The United States Department of Health and Human Services, in conjunction with other state and/or federal departments administers the enforcement of HIPAA.





We are required by applicable federal and state law to maintain the privacy of your health information. We are also required to give you this Notice about our privacy practices, our legal duties, and your rights concerning your health information. We must follow the privacy practices that are described in this Notice while it is in effect. This Notice takes effect April 14, 2003, and will remain in effect until we replace it. We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our Notice effective for all health information that we maintain, including health information we created or received before we made the changes. Before we make a significant change in our privacy practices, we will change this Notice and make the new Notice available upon request. You may request a copy of our Notice at any time. For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.


We use and disclose health information about you for treatment, payment, and healthcare operations. For example:

Treatment: We may use or disclose your health information to a physician or other healthcare provider providing treatment to you.

Payment: We may use and disclose your health information to obtain payment for services we provide to you.

Healthcare Operations: We may use and disclose your health information in connection with our healthcare operations. Healthcare operations include quality assessment and improvement activities, reviewing the competence or qualifications of healthcare professionals, evaluating practitioner and provider performance, conducting training programs, accreditation, certification, licensing or credentialing activities.

Your Authorization: In addition to our use of your health information for treatment, payment or healthcare operations, you may give us written authorization to use your health information or to disclose it to anyone for any purpose. If you give us an authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect. Unless you give us a written authorization, we cannot use or disclose your health information for any reason except those described in this Notice.

To Your Family and Friends: We must disclose your health information to you, as described in the Patient Rights section of this Notice. We may disclose your health information to a family member, friend or other person to the extent necessary to help with your healthcare or with payment for your healthcare, but only if you agree that we may do so.

Persons Involved In Care: We may use or disclose health information to notify, or assist in the notification of (including identifying or locating) a family member, your personal representative or another person responsible for your care, of your location, your general condition, or death. If you are present, then prior to use or disclosure of your health information, we will provide you with an opportunity to object to such uses or disclosures. In the event of your incapacity or emergency circumstances, we will disclose health information based on a determination using our professional judgment disclosing only health information that is directly relevant to the person’s involvement in your healthcare. We will also use our professional judgment and our experience with common practice to make reasonable inferences of your best interest in allowing a person to pick up filled prescriptions, medical supplies, x-rays, or other similar forms of health information.

Marketing Health-Related Services: We will not use your health information for marketing communications without your written authorization.

Sale of Health Information: We will not sell your health information, although HIPPA says we need to have a statement about this, saying we must have your authorization if we were to sell your health information.

Fundraising: We don’t ask our patients to participate in fundraising, but we’re required to tell you that if we did, you have the option to opt out.

Required by Law: We may use or disclose your health information when we are required to do so by law.

Abuse or Neglect: We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic violence or the possible victim of other crimes. We may disclose your health information to the extent necessary to avert a serious threat to your health or safety or the health or safety of others.

National Security: We may disclose to military authorities the health information of Armed Forces personnel under certain circumstances. We may disclose to authorized federal officials health information required for lawful intelligence, counterintelligence, and other national security activities. We may disclose to correctional institution or law enforcement official having lawful custody of protected health information of inmate or patient under certain circumstances.

Appointment Reminders: We may use or disclose your health information to provide you with appointment reminders (such as voicemail messages, postcards, or letters).

Paying Out of Pocket: We agree to restrict the disclosure of PHI (for payment or health care operations) to a health plan when the patient paid for the service or item in question out of pocket in full.


Access: You have the right to look at or get copies of your health information, with limited exceptions. You may request that we provide copies in a format other than photocopies. We will use the format you request unless we cannot practicably do so. (You must make a request in writing to obtain access to your health information. You may obtain a form to request access by using the contact information listed at the end of this Notice. We may charge you a reasonable cost-based fee for expenses such as copies and staff time. You may also request access by sending us a letter to the address at the end of this Notice. You may request copies of your electronic records

Disclosure Accounting: You have the right to receive a list of instances in which we or our business associates disclosed your health information for purposes, other than treatment, payment, healthcare operations and certain other activities, for the last 6 years, but not before April 14, 2003. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.

Restriction: You have the right to request that we place additional restrictions on our use or disclosure of your health information. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency).

Alternative Communication: You have the right to request that we communicate with you about your health information by alternative means or to alternative locations. {You must make your request in writing.} Your request must specify the alternative means or location.

Amendment: You have the right to request that we amend your health information. (Your request must be in writing, and it must explain why the information should be amended.) We may deny your request under certain circumstances.

Electronic Notice: If you receive this Notice on our Web site or by electronic mail (e-mail), you are entitled to receive this notice in written form.

Breach Notification An individual has a right to be notified when a breach of his or her unsecured PHI has occurred.


If you want more information about our privacy practices or have questions or concerns, please contact us. If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made about access to your health information or in response to a request you made to amend or restrict the use or disclosure of your health information or to have us communicate with you by alternative means or at alternative locations, you may complain to us using the contact information listed at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request. We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Contact : Erin Anderson, DMD