Protected Health Information (PHI) in Dentistry

The information provided in this article is intended for use by licensed dental and healthcare professionals only, for informational purposes only, and does not constitute medical or dental advice or replace clinical judgment. The treating clinician bears sole responsibility for all diagnostic and therapeutic decisions made in connection with patient care.

In dentistry, PHI stands for Protected Health Information. Under HIPAA, it refers to any identifiable patient data—including name, address, X-rays, treatment plans, and billing records—that dental practices must keep secure, whether in electronic, paper, or oral form.

Dental PHI:

  • Patient Identifiers: Names, addresses, phone numbers, birth dates, and Social Security numbers.
  • Clinical Records: X-rays, intraoral photos, charts, and treatment plans.
  • Administrative Data: Appointment dates, scheduling notes, and insurance information.
  • Financial Records:
    Payment history and billing statements.

HIPAA and Dandy:

  • All of the software that we use is HIPAA-compliant
    • We also establish a Business Associate Agreement (BAA) to enhance HIPAA compliance.
  • Keeping personal information to a minimum
    • We do use patient-specific information for billing purposes; however, we avoid it when we can.

PHI on Lab Boxes

  • Recently, Dandy has become aware that patient names are laser-etched on lab boxes.
    • This makes them identifiable and trackable, but creates a challenge if offices dispose of them or use them for alternate purposes.
    • Presently, the names will remain on the boxes to aid in identification as we look for a remedy to this challenge.
  • Removal Recommendations:
    • Abrasive Polishing Device
      • Heatless Stone
      • Rubber Wheel
      • Green Stone
      • Dental Bur
      • Rough Pumice and Rag Wheel
Was this article helpful?
0 out of 0 found this helpful