MCNA Dental
Dental Details  •  Monthly Provider Newsletter
Texas Edition  •  June 2022
Corporate Website
Social Media Profiles
Texas Provider Hotline
1-855-776-6262
 
The Health Insurance Portability and Accountability Act (HIPAA) and Protected Health Information (PHI)
The Health Insurance Portability and Accountability Act (HIPAA) and Protected Health Information (PHI)

As a healthcare provider, your office is a covered entity as defined under HIPAA. Your office is required to comply with all aspects of the HIPAA regulations and rules that are in effect or that will go into effect as indicated in the final publications of HIPAA rules.

MCNA is a covered entity and has taken the required steps to become compliant with all aspects of the HIPAA rules and regulations. The HIPAA Privacy Rule protects all ...

Quality Improvement
The Health Insurance Portability and Accountability Act (HIPAA) and Protected Health Information (PHI)

As a healthcare provider, your office is a covered entity as defined under HIPAA. Your office is required to comply with all aspects of the HIPAA regulations and rules that are in effect or that will go into effect as indicated in the final publications of HIPAA rules.

MCNA is a covered entity and has taken the required steps to become compliant with all aspects of the HIPAA rules and regulations. The HIPAA Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form of media, whether electronic, paper, or verbal. The Privacy Rule calls this information protected health information (PHI), and the requirements apply to both electronic medical records and paper medical records.

Individually identifiable health information is information, including demographic data, that relates to:

  • The individual's past, present or future physical or mental health or condition
  • The provision of health care to the individual
  • The past, present, or future payment for the provision of health care to the individual

This is any information that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information (IIHI) includes many common identifiers (e.g., name, address, birth date, Social Security Number).

A central component of the Privacy Rule is the principle of "minimum necessary" use and disclosure. A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request. A covered entity must develop and implement policies and procedures to reasonably limit uses and disclosures to the minimum necessary. When the minimum necessary standard applies to a use or disclosure, a covered entity may not use, disclose, or request the entire medical record for a particular purpose, unless it can specifically justify the whole record as the amount reasonably needed for the purpose.

The minimum necessary requirement is not imposed in any of the following circumstances:

  • Disclosure to or a request by a healthcare provider for treatment
  • Disclosure to an individual who is the subject of the information, or the individual's personal representative
  • Use or disclosure made pursuant to an authorization
  • Disclosure to HHS for complaint investigation, compliance review, or enforcement
  • Use or disclosure that is required by law
  • Use or disclosure required for compliance with the HIPAA Transactions Rule or other HIPAA Administrative Simplification Rules

Because dental records are legal documents, providers should be familiar with additional state requirements that may apply in the area of record keeping and of delivery of dental services in locations other than private offices.