A Patient's Right to Privacy: Who Has Access to Dental Records?

April 12, 2021

By  Erick Cutler CPA

The information that your patients provide to dentists and other health providers is extremely private and personal. In the past few years, there has been a renewed interest in ensuring the privacy of patients' personal health information. Last year, the Texas Legislature passed changes to the state’s medical privacy laws that strengthened requirements for the health providers who collect and maintain private medical records, particularly those that are stored electronically. These provisions, which are outlined in Texas Health & Safety Code Section 181, go beyond the federal HIPAA law’s requirements for the security of digital records.

The most significant difference between HIPAA and Texas' new law, the Texas Medical Records Privacy Act, is the amount of training that dentists must provide to dental hygienists and other practice employees with respect to protecting a patient’s privacy. Another important provision of the law is the ban on selling a patient’s private health information to third parties.

In an increasingly digital world, providers and physicians are tasked with the monumental task of preventing a breach of privacy. The security of Protected Health Information, or PHI, is your practice's responsibility, and these tips can help you ensure that you're keeping your patients records as secure as possible.

1. You must inform your patients of how you will use their information.

According to Texas Attorney General Greg Abbott’s office, you must inform your patients of how their dental records will be used and if you plan to share them with any third party. A written outline of privacy policies should be provided to each patient to read and sign, typically upon the patient's first visit to your practice. If you make any revisions to your privacy policies, you must inform your patients. It's important that you keep your patients in the loop of who you will be sharing their information with – for both legal reasons and their peace of mind.

2. You may only share patient information with specific third parties, and only for certain reasons.

Outside of the employees in your office, few people should have access to your patients' records. You may share these records with insurance companies for the purpose of adjudicating claims, but may not share them with companies who plan to use the records for marketing or sales purposes. You may also, without authorization, share medical information about a patient with another physician or healthcare provider who is treating the patient. If a court subpoenas medical records, you must provide them. If your patient becomes incapacitated, you may also share dental records "in the exercise of medical judgment." Health oversight agencies may also request access to your practice's records in the process of an audit or investigation. It's important to communicate which parties will have access to your patient's medical records, and you may need to pay special attention to patients who may have individualized privacy needs.

3. Patients have a right to receive their correct, complete medical records.

The new Texas medical privacy law is more stringent than HIPAA in that it requires that electronic dental records be provided to patients within 15 days of their request, as opposed to HIPAA's 30-day requirement. These records must be provided electronically unless the patient requests otherwise, and you may not charge them for retrieval of these records. By law, a dental practice is required to maintain a patient's records for five years after their last visit to your office. If a patient finds errors in their medical record, they have a right to request that the errors are corrected. If you, as the dentist, feel that the records are correct, you must explain why in writing to the patient.

Navigating privacy laws and requirements can be extremely confusing, especially as the technology for maintaining records outpaces the laws that govern them. If you have any concerns about the way your practice secures protected health information, the Texas State Board of Dental Examiners can help you ensure that your policies are in compliance with state and federal laws. 

About Erick Cutler

Erick Cutler is a Partner in the Private Business Services Group, with nearly 25 years of public accounting experience including health care and the real estate industry.