New employees?
New devices? New risks!
The ADA HIPAA Kit helps you
keep up with a changing workplace.
B E S T S E L L E R ADA Complete HIPAA Compliance Kit
Developing a HIPAA program is a two-part process, and this kit covers them both.
Step 1: Train your staff and learn how to develop your compliance
program with The ADA Practical Guide to HIPAA Training videos.
Level 1 offers an overview of HIPAA basics for the entire dental team.
Level 2 is a more in-depth view for dentists and office managers who
are charged with planning, executing and maintaining the practice’s
HIPAA compliance program.
Step 2: Design and implement your program.
The ADA Practical Guide to HIPAA Compliance: Privacy and Security
Manual guides you step-by-step in plain language to ensure that
you understand the information you need to be compliant. Once you
have a handle on the “hows” of compliance, you can download and
customize form templates to fit your practice needs.
The kit includes:
• The ADA Practical Guide to HIPAA Compliance: Privacy and
Security Manual with digital forms
• The ADA Practical Guide to HIPAA Training streaming videos
J598BT Spiral-bound book +booklet +e-book +digital templates +2 streaming videos (Level 1 -27 minutes, Level 2 -45 minutes) |Members $335.95 Retail $502.95
The ADA Practical Guide to HIPAA Compliance ISBN: 978-1-935201-91-5 |The ADA Practical Guide to HIPAA Training ISBN: 978-1-68447-094-5
Level 1—Earn 1 hour CE credit.*
Level 2—Earn 2 hours CE credit.*
*CE tests are subject to a $20 grading fee per test.
Complying with the HIPAA Breach Notification Rule
HIPAA requires a covered dental practice to have written policies and procedures on breach notification and to adhere
to them before, during and after a breach. Failure to do so can result in penalties.
This user-friendly book will guide you through the steps of creating a HIPAA-compliant breach notification program, emphasizing how
to prevent breaches and how to react if a breach is suspected. Even a dental practice that is fully HIPAA compliant can have a data
breach, but preparation can help manage stress, expenses and even help prevent missteps if a data breach does occur.
This guide walks you through the requirements of the HIPAA Breach Notification Rule, explains what a breach is and how to
send a breach notification and includes tips and sample forms that can help smooth the way to compliance.
The time you spend developing and implementing your HIPAA compliance program is time well spent.
This book includes how to:
• Secure protected health information (PHI)
• Send a breach notification
• Notify affected individuals
• Notify the Office of Civil Rights (OCR)
• Delete social media posts
• Encrypt a computer
It also addresses:
• Written policies and procedures
• Training
• Document retention
• Ransomware
• Sample forms
• Enforcement examples
J58122BT Perfect-bound book +e-book, 168 pages
Members $109.95 Retail $164.95
Book ISBN: 978-1-68447-170-6 |e-book ISBN: 978-1-68447-171-3
© 2023 American Dental Association l 9
Introduction to HIPAA and the HIPAA Breach Notification Rule
Examples of incidents that may be breaches of unsecured PHI
Here are some examples of possible breaches:
• A dentist inadvertently leaves an unencrypted phone containing PHI on
a store counter
• A thief breaks into a dentist’s car, home, or practice and steals an
unencrypted laptop, tablet, or desktop containing PHI
• A business associate of the dental practice notifies the dental practice
of a data breach or an incident that might, after an investigation, be
deemed a breach
• A dental practice disposes of unshredded paper documents containing
PHI in the regular trash or recycling
• An employee accesses PHI such as Social Security numbers or credit card
numbers without authorization
• A dental practice workforce member looks at a patient’s file out of curiosity
• A dental practice workforce member mentions a patient’s condition,
treatment, or payment for dental care to a friend or family member
• A dental practice workforce member takes paper PHI out of the dental
practice to work on at home and leaves the documents on the bus
• A dental practice workforce member emails unencrypted PHI to the
wrong email address
• A dental practice workforce member sends an email to a group of patients
and enters all of the patients’ email addresses in the “send” field, rather than
sending the email to the dental practice itself and blind copying
patients
• A hacker obtains a patient’s dental plan information and other information
about the patient and uses the information to obtain dental care for
himself or a family member
© 2023 American Dental Association l 91
Appendix F
Sample Formstheofall
Sample Investigation Worksheet for Suspected Data
Breaches of Protected Health Information
This sample investigation worksheet shows how a dental practice might document its
investigation of an incident that is a suspected breach and determine whether notification
is required by HIPAA. HIPAA doesn’t require an investigation worksheet, but it does
require documentation of some elements included on this form, like the four-factor test.
An investigation worksheet could help fulfill the documentation requirement.
The end of the form has next steps that need to be followed if the investigation reveals
that breach notification is required.
Investigation Worksheet
Is this situation urgent? If you determine that the situation is urgent because
unsecured protected health information (PHI) might be misused, HIPAA lets you
provide information to individuals by phone or other means, in addition to providing
breach notification as required by HIPAA.
1. Who is filling out this worksheet?
2. Who discovered the suspected data breach?
a. Is this person a workforce member of the dental office? n Yes n No
b. Is this a business associate of the dental office? n Yes n No
If YES, name and address of the business associate:_________________________
_____________________________________________________________________
c. Is this person neither a workforce member nor a business associate? n Yes n No
If YES, what is the person’s relationship to the dental office? _________________
_____________________________________________________________________
“ I would highly
recommend this
product to keep
you compliant
for little cost.
It was concise
and it was easy to
customize to my
personal practice.”
-Dr. Melissa Padgett,
Boardman, OH
ORDER BY PHONE: 800.947.4746 16 17 ORDER ONLINE: ADASTORE.ORG
HIPAA
c
o
m
p
l
i
a
n
c e
New devices? New risks!
The ADA HIPAA Kit helps you
keep up with a changing workplace.
B E S T S E L L E R ADA Complete HIPAA Compliance Kit
Developing a HIPAA program is a two-part process, and this kit covers them both.
Step 1: Train your staff and learn how to develop your compliance
program with The ADA Practical Guide to HIPAA Training videos.
Level 1 offers an overview of HIPAA basics for the entire dental team.
Level 2 is a more in-depth view for dentists and office managers who
are charged with planning, executing and maintaining the practice’s
HIPAA compliance program.
Step 2: Design and implement your program.
The ADA Practical Guide to HIPAA Compliance: Privacy and Security
Manual guides you step-by-step in plain language to ensure that
you understand the information you need to be compliant. Once you
have a handle on the “hows” of compliance, you can download and
customize form templates to fit your practice needs.
The kit includes:
• The ADA Practical Guide to HIPAA Compliance: Privacy and
Security Manual with digital forms
• The ADA Practical Guide to HIPAA Training streaming videos
J598BT Spiral-bound book +booklet +e-book +digital templates +2 streaming videos (Level 1 -27 minutes, Level 2 -45 minutes) |Members $335.95 Retail $502.95
The ADA Practical Guide to HIPAA Compliance ISBN: 978-1-935201-91-5 |The ADA Practical Guide to HIPAA Training ISBN: 978-1-68447-094-5
Level 1—Earn 1 hour CE credit.*
Level 2—Earn 2 hours CE credit.*
*CE tests are subject to a $20 grading fee per test.
Complying with the HIPAA Breach Notification Rule
HIPAA requires a covered dental practice to have written policies and procedures on breach notification and to adhere
to them before, during and after a breach. Failure to do so can result in penalties.
This user-friendly book will guide you through the steps of creating a HIPAA-compliant breach notification program, emphasizing how
to prevent breaches and how to react if a breach is suspected. Even a dental practice that is fully HIPAA compliant can have a data
breach, but preparation can help manage stress, expenses and even help prevent missteps if a data breach does occur.
This guide walks you through the requirements of the HIPAA Breach Notification Rule, explains what a breach is and how to
send a breach notification and includes tips and sample forms that can help smooth the way to compliance.
The time you spend developing and implementing your HIPAA compliance program is time well spent.
This book includes how to:
• Secure protected health information (PHI)
• Send a breach notification
• Notify affected individuals
• Notify the Office of Civil Rights (OCR)
• Delete social media posts
• Encrypt a computer
It also addresses:
• Written policies and procedures
• Training
• Document retention
• Ransomware
• Sample forms
• Enforcement examples
J58122BT Perfect-bound book +e-book, 168 pages
Members $109.95 Retail $164.95
Book ISBN: 978-1-68447-170-6 |e-book ISBN: 978-1-68447-171-3
© 2023 American Dental Association l 9
Introduction to HIPAA and the HIPAA Breach Notification Rule
Examples of incidents that may be breaches of unsecured PHI
Here are some examples of possible breaches:
• A dentist inadvertently leaves an unencrypted phone containing PHI on
a store counter
• A thief breaks into a dentist’s car, home, or practice and steals an
unencrypted laptop, tablet, or desktop containing PHI
• A business associate of the dental practice notifies the dental practice
of a data breach or an incident that might, after an investigation, be
deemed a breach
• A dental practice disposes of unshredded paper documents containing
PHI in the regular trash or recycling
• An employee accesses PHI such as Social Security numbers or credit card
numbers without authorization
• A dental practice workforce member looks at a patient’s file out of curiosity
• A dental practice workforce member mentions a patient’s condition,
treatment, or payment for dental care to a friend or family member
• A dental practice workforce member takes paper PHI out of the dental
practice to work on at home and leaves the documents on the bus
• A dental practice workforce member emails unencrypted PHI to the
wrong email address
• A dental practice workforce member sends an email to a group of patients
and enters all of the patients’ email addresses in the “send” field, rather than
sending the email to the dental practice itself and blind copying
patients
• A hacker obtains a patient’s dental plan information and other information
about the patient and uses the information to obtain dental care for
himself or a family member
© 2023 American Dental Association l 91
Appendix F
Sample Formstheofall
Sample Investigation Worksheet for Suspected Data
Breaches of Protected Health Information
This sample investigation worksheet shows how a dental practice might document its
investigation of an incident that is a suspected breach and determine whether notification
is required by HIPAA. HIPAA doesn’t require an investigation worksheet, but it does
require documentation of some elements included on this form, like the four-factor test.
An investigation worksheet could help fulfill the documentation requirement.
The end of the form has next steps that need to be followed if the investigation reveals
that breach notification is required.
Investigation Worksheet
Is this situation urgent? If you determine that the situation is urgent because
unsecured protected health information (PHI) might be misused, HIPAA lets you
provide information to individuals by phone or other means, in addition to providing
breach notification as required by HIPAA.
1. Who is filling out this worksheet?
2. Who discovered the suspected data breach?
a. Is this person a workforce member of the dental office? n Yes n No
b. Is this a business associate of the dental office? n Yes n No
If YES, name and address of the business associate:_________________________
_____________________________________________________________________
c. Is this person neither a workforce member nor a business associate? n Yes n No
If YES, what is the person’s relationship to the dental office? _________________
_____________________________________________________________________
“ I would highly
recommend this
product to keep
you compliant
for little cost.
It was concise
and it was easy to
customize to my
personal practice.”
-Dr. Melissa Padgett,
Boardman, OH
ORDER BY PHONE: 800.947.4746 16 17 ORDER ONLINE: ADASTORE.ORG
HIPAA
c
o
m
p
l
i
a
n
c e
