In dentistry, PHI stands for Protected Health Information. Under HIPAA, it refers to any identifiable patient data—including name, address, X-rays, treatment plans, and billing records—that dental practices must keep secure, whether in electronic, paper, or oral form.
Dental PHI:
- Patient Identifiers: Names, addresses, phone numbers, birth dates, and Social Security numbers.
- Clinical Records: X-rays, intraoral photos, charts, and treatment plans.
- Administrative Data: Appointment dates, scheduling notes, and insurance information.
- Financial Records:
Payment history and billing statements.
HIPAA and Dandy:
- All of the software that we use is HIPAA-compliant
- We also establish a Business Associate Agreement (BAA) to enhance HIPAA compliance.
- Keeping personal information to a minimum
- We do use patient-specific information for billing purposes; however, we avoid it when we can.
PHI on Lab Boxes
- Recently, Dandy has become aware that patient names are laser-etched on lab boxes.
- This makes them identifiable and trackable, but creates a challenge if offices dispose of them or use them for alternate purposes.
- Presently, the names will remain on the boxes to aid in identification as we look for a remedy to this challenge.
- Removal Recommendations:
- Abrasive Polishing Device
- Heatless Stone
- Rubber Wheel
- Green Stone
- Dental Bur
- Rough Pumice and Rag Wheel
- Abrasive Polishing Device