Compliance a Big Concern for Dentists

compliance hipaa osha over dentist

One of the biggest concerns for any dental practice is compliance with the many regulations and rules that affect the industry, including HIPAA and OSHA.

Staying in compliance is no small feat, especially for independent practices, because rules and regulations come from all sides and the environment, as a whole, is an ever-changing one.


The Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare providers, including dentists.

In a nutshell, HIPAA is in place to make sure that healthcare providers keep their patients’ sensitive information secure.

For dentists, it means a practice that shares their patients’ sensitive information (i.e., information covered by HIPAA) with third parties (e.g., an insurance company), has to take special steps, including appointing someone to manage HIPAA privacy and security.

From the American Dental Association:

Other steps include but are not limited to: reading and understanding all of the requirements, creating a HIPAA compliance team, delegating tasks, performing a risk assessment, devising policies and procedures, training workforce members, and maintaining compliance in an ongoing manner.

Achieving and maintaining compliance is a significant, ongoing effort that requires time, people and resources.

(That last sentence kind of says it all, but we’re just getting started.)


The Occupational Safety and Health Administration (OSHA) is dedicated to preventing injuries and loss of life in workplaces. Naturally, its regulations apply to dental offices as much as they do to construction sites.

All of the standard laws apply to dental offices, including those governing hazard communication, exit routes and electrical wiring.

However, others apply more specifically to dentist offices, including the ones about bloodborne pathogens and ionizing radiation.

For bloodborne pathogens, dentists need to put in place training procedures, universal precautions, color-coded labeling for contaminated or sharp waste, a written plan on what to do if someone is exposed to a bloodborne pathogen and a whole load of other things.

For ionizing radiation (i.e., an x-ray machine), dentists need to establish restricted areas to protect employees from exposure, clearly label those areas as restricted and provide personal radiation monitors for employees working with x-ray machines, among other things.

This quote from OSHA provides an additional summation:

This brochure provides only a glimpse of the most frequently found hazards in medical and dental offices. Many other standards may apply. This information should not be used as a substitute for reading and becoming familiar with all applicable OSHA standards. As an employer, it is up to you to follow up and obtain the full text of the OSHA standards…

Corporate Integrity Agreements

If you get in trouble with the feds, you could find yourself out in the cold regarding federal programs such as Medicare, Medicaid and CHIP (children’s Medicaid).

You may also find yourself under the thumb of the Office of the Inspector General (OIG), which can slap a corporate integrity agreement on you.

From the OIG:

OIG negotiates corporate integrity agreements (CIA) with healthcare providers and other entities as part of the settlement of federal health care program investigations arising under a variety of civil false claims statutes.

A comprehensive CIA typically lasts 5 years and includes requirements to:

  • hire a compliance officer/appoint a compliance committee;
  • develop written standards and policies;
  • implement a comprehensive employee training program;
  • retain an independent review organization to conduct annual reviews;
  • establish a confidential disclosure program;
  • restrict employment of ineligible persons;
  • report overpayments, reportable events, and ongoing investigations/legal proceedings; and
  • provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities.

A Labyrinth

But it’s not just HIPAA and OSHA, although those two are at the forefront and are complicated enough to keep any dental practice on its toes. Laws, regulations and administrative rules come from a number of different places.

Such as…

  • The state dental board, along with the state dental practice act plus administrative rules that are often stricter than the act itself.
  • The state radiation control agency, which wants dentists to register their x-ray equipment and comply with a bunch of laws associated with that.
  • The U.S. OIG, which usually has a state counterpart, the Office of the Attorney General (OAG).
  • The U.S. Drug Enforcement Agency (DEA) and the state version of the DEA, along with other agencies governing pharmaceuticals.
  • The U.S. Department of Labor and the state department of labor, along with the U.S. Department of Homeland Security, which wants to make sure dentists hire only people who can lawfully work in the country.
  • The insurance carriers, which want dentists to properly code, document and bill for the care they provide.
  • The Federal Bureau of Investigation and the U.S. Department of Justice, as well as state authorities.

A Significant, Ongoing Effort

Like the ADA says, keeping abreast of regulations such as HIPAA is a significant, ongoing effort that requires time, people and resources.

Add in regulations and rules from OSHA and all the others, and it’s a labyrinth. For independent practices, in particular, it’s a labyrinth that can be very difficult to successfully move through.


By Charlie Smith