HITECH and HIPAA: Applications for all Dentists Regarding Incentive Payments

Confusion about federal Medicare and Medicaid incentive payments and their application to dentistry abounds. By now, most dentists know that if they do not see Medicare or Medicaid patients, there are no federal deadlines for EHR meaningful use adoption. What they may not realize is other aspects of the Health Information Technology for Economic and Clinical Health (HITECH) Act will directly affect dental practices.

For a bit of background, Medicare eligible professionals (EP) qualified to start collecting incentive payments for meaningful use of certified EHR systems in 2011, though they have been hampered by a lack of certified dental systems. Those who do not adopt EHR will face penalties in the form of decreased Medicare payments starting in 2015. The Medicare incentive program ends in 2016.

Whereas, decisions on Medicaid incentives and penalties are left up to individual states:

“To  receive Medicaid incentive payments, a provider must meet patient volume  thresholds (as measured by a methodology selected by the state). The minimum Medicaid patient volume threshold is 30%; however, different minimum thresholds apply to certain providers, including eligible professionals practicing at Federally Qualified Health Centers or Rural Health Centers.”

EHR implementers who meet the Medicaid patient volume threshold set by their state, or provide a significant amount of service to Rural Health Centers, must start receiving incentive payments by 2016. They must continue to meaningfully use the EHR system to receive subsequent payments. The Medicaid incentive program ends in 2021.

The bottom line for most dentists is this:

“The   Medicare and Medicaid program aspects of HITECH may not affect most dentists   because of the limited availability of certified EHR technology for   dentistry, and because many dentists do not provide Medicare-covered services   or meet the Medicaid incentive program patient-volume threshold. However,   dentists should not ignore other aspects of HITECH, especially those parts   concerning Privacy, Security, and the Breach Notification Rule.”

The American Recovery and Reinvestment Act (ARRA), of which the HITECH Act is a part, established additional Health Insurance Portability and Accountability Act (HIPAA) requirements. These include 1) privacy and security extended to business associates, 2) breach notification, 3) health information privacy education, 4) withholding of protected health information from insurance carriers if patients pay out of pocket, 5) authorization for patient requested audit trails, 6) prohibited sale of protected health information, and 7) patient authorization for marketing and fundraising activity. All HIPAA covered dentists should stay abreast of HITECH changes that impact requirements for security and privacy policies through their professional associations.

Lessons Learned:

  • Even if you do not see Medicare and Medicaid patients in your practice, you should continue to follow HITECH related rulings that affect HIPAA privacy and security requirements.
  • Anticipate upcoming rulings from the Department of Health and Human Services based on recent legislation, and, when selecting new dental technology, adopt systems that can accommodate them.
  • The number of certified EHR dental systems is limited.

American Dental Association. (2011). ARRA, HITECH, and EHRs.