A HIPAA strategy for dental schools

Certain health care organizations, including dental schools, should be readying themselves to comply with the numerous requirements described within the administrative simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The intent of administrative simplification is to streamline the management of health care transactions while protecting the privacy of certain written, oral, and electronic patient information. There are no field-tested plans for implementing the law because only recently has the health care industry begun to respond to the multitude of requirements. It is essential that each organization create a customized compliance plan that best fits its structure and needs. The purpose of this paper is to propose a five-stage theoretical strategy that could assist a dental school in achieving HIPAA compliance. The first stage involves the selection of a HIPAA task force. The second stage selects the applicable HIPAA requirements, determines the current states of confidentiality and security, manages the electronic transactions standards, and composes a gap analysis. The third stage examines risk analysis and management. The fourth stage encompasses technical modifications, policies and procedures, legal input, and training. The fifth stage addresses the maintenance of the implementation.