Vocabulary flashcards covering essential HIPAA terms, roles, and rules relevant to dental-practice compliance.
HIPAA (Health Insurance Portability and Accountability Act)
Federal law that sets privacy, security, and breach-notification standards for protected health information (PHI).
Covered Entity
A dental practice (or other health-care provider, plan, or clearinghouse) that must follow HIPAA because it conducts electronic HIPAA transactions, such as submitting electronic claims.
Protected Health Information (PHI)
Any individually identifiable health information—electronic, paper, verbal, images, x-rays—related to a patient’s condition, treatment, or payment.
Electronic Protected Health Information (ePHI)
PHI that is created, stored, transmitted, or received in electronic form.
De-identified Information
Health data stripped of all patient identifiers so it can no longer be linked to an individual; no longer treated as PHI under HIPAA.
Use (of PHI)
Accessing, sharing, examining, or analyzing PHI within a covered entity.
Disclosure (of PHI)
Releasing, transferring, or providing PHI to a person or entity outside the covered entity.
Notice of Privacy Practices (NPP)
Document that explains patient rights and how a practice may use or disclose PHI; must be posted, provided to new patients, and available on request.
Business Associate
Vendor or contractor that needs access to PHI to perform services for a covered entity (e.g., IT firm, shredding company).
Business Associate Agreement (BAA)
HIPAA-required contract obligating a business associate to safeguard PHI and follow HIPAA rules.
Breach
Acquisition, access, use, or disclosure of PHI not permitted by HIPAA that compromises its security or privacy.
Privacy Official
Person responsible for a practice’s written HIPAA privacy and breach-notification policies and for handling related questions or incidents.
Security Official
Person responsible for a practice’s written HIPAA security policies and the protection of ePHI.
HIPAA Contact Person
Designated individual who receives privacy complaints, handles NPP questions, and processes patient requests for records, amendments, or accounting of disclosures.
HIPAA Security Rule
Requires safeguards to ensure the confidentiality, integrity, and availability of ePHI.
HIPAA Privacy Rule
Sets standards for protecting PHI in any format and grants patients specific rights over their information.
HIPAA Breach Notification Rule
Requires covered entities to notify affected individuals, the Office for Civil Rights, and sometimes the media after a reportable PHI breach.
CIA Triad (Confidentiality, Integrity, Availability)
Security goals: limit access to ePHI, prevent unauthorized alteration or destruction, and ensure information is accessible when needed.
Minimum Necessary Rule
When using, disclosing, or requesting PHI, share only the least amount needed to accomplish the task.
Encryption
Technical safeguard that converts data into a coded form; properly encrypted ePHI is generally protected from breach-notification requirements.
Security Incident
Attempted or successful unauthorized access, use, disclosure, modification, or destruction of ePHI, or interference with system operations.
Accounting of Disclosures
List a patient may request that shows certain non-routine disclosures of their PHI made by the practice.
Contingency Plan
Written procedures for responding to emergencies (e.g., disasters, power loss, ransomware) to ensure continued access to ePHI.
Sanctions
Workplace penalties—retraining, discipline, termination—imposed on workforce members who violate HIPAA policies.