
Are Dental Labs a Business Associate or a Covered Entity?

Question

Welcome to a Bite-Size HIPAA® Q&A article, where we answer your questions about how HIPAA applies to your dental practice. We recently received the following question in our Bite-Size HIPAA® Q&A inbox. The writer says:

"I own a small dental practice. I’m confused about HIPAA and dental labs. Are they considered a covered entity? A business associate? What are the HIPAA requirements related to dental labs?"

Thank you for reaching out with your question. HIPAA can be a bit perplexing when it comes to defining different entities within the healthcare landscape. Let's shed some light on the HIPAA requirements related specifically to dental labs.

The HIPAA Law

For starters, it might surprise you to learn that dental labs are not classified as business associates by HIPAA. Under HIPAA regulations, dental labs are categorized as healthcare providers when performing services related to a patient’s treatment, which means they are covered entities, just like you. This classification means that dental labs are held to the same standards as other healthcare professionals when it comes to the handling of protected health information (PHI).

This recognition is crucial because it means that you do not need a Business Associate Agreement (BAA) when sharing patient data with a dental lab. HIPAA, specifically in section 164.506, allows covered entities, like your dental practice, to disclose PHI to other covered entities for treatment purposes without the need for a BAA. This provision is important because it acknowledges that sharing patient information with specialists, including dental labs, is an integral part of providing healthcare services. It is also worth noting that this is one of just a handful of disclosures where the “minimum necessary” rule does NOT apply. HIPAA allows full sharing of all patient information for treatment purposes between providers.

Summary

In summary, dental labs are not categorized as business associates under HIPAA, but are instead recognized as healthcare providers. Therefore, sharing patient data with a dental lab is treated similarly to sharing data with any other specialist in the healthcare field, such as an orthodontist. You are not required to have a Business Associate Agreement with a dental lab when sharing patient information for treatment purposes, and the “minimum necessary” rule does not apply.

Have a HIPAA Question?

If you have a HIPAA question related to the day-to-day operations of your dental practice, feel free to send it my way. My email address is todd(at)bitesizehipaa(dot)com. I can’t promise I’ll be able to get to every question submitted, but I’ll do my best to find the most applicable ones to address in future Bite-Size HIPAA® Q&As.


Todd Baker, JD, CIPP

HIPAA & Privacy Attorney

Todd Baker is a uniquely qualified attorney with extensive experience regarding the intersection of HIPAA and technology. Todd earned his undergraduate degree in business at Boise State University and completed his law degree at the University of Virginia School of Law.
