Archive for the ‘Dental Practice Issues’ Category

Providing Protected Health Information in Response to Subpoena

Monday, March 12th, 2018

By Fisher, JD, CHC, CCEP

unauthorized release phi subpoena

OCR Citation for Improper Disclosure of PHI in Response to a Subpoena

A health care provider or other covered entity under HIPAA is permitted to disclose protected health information if it receives a lawful order from a court or administrative tribunal.  this does not mean that a provider can simply release everything it has in a patient record when it receives a court order.  Some records, such as mental health or substance abuse records might have special protections or limitations that apply.  Additionally a provider should closely review the relevant order and only disclose the information that is specifically required by the order.

The ability to release information in response to a subpoena, as opposed to an order of a court, is subject to different rules.  Patient information can only be provided under subpoena if certain notification requirements of the Privacy Rule are met. The notification requirements require the provider who received the subpoena to obtain evidence that there were reasonable efforts to notify the person who is the subject of the information about the request.  This is intended to give the individual an opportunity to object to the disclosure, or obtain a protective order from the court.

The application of these rules are

Read more here: Health Law Blog


Effective Dental Practice Compliance Cycles

Saturday, February 2nd, 2013

Establishing Effective Dental Practice Compliance Cycles

Dental practices normally focus their compliance efforts on regulations of the Occupational Safety & Health Administration (OSHA) and the Health Information and Portability Act of 1996 (HIPAA).  Until recently, dental practices have avoided many of the fraud and abuse enforcement activities that have been directed toward medical practices.  The environment for dental practices is beginning to change and we are seeing more governmental auditors and private contractors turn more attention toward review of dental claims.

Penalties for failure to follow billing rules can be very significant; particularly when a governmental health program is the reimbursement source.  For example, failure to return overpayments to a governmental program within 60-days following identification can result in liability of three times the amount of the overpayment, plus up to $11,000 per claim.  When discovery of an overpayment leads to other incorrectly submitted claims due to a systematic billing error, the penalties add up quickly.  Errors that are not discovered by the provider but could have been discovered through an “effective” compliance program will be deemed to have been “identified” and subject to penalty if discovered by a governmental or private auditor on review.

Because of the increased enforcement efforts, dental practices are beginning to recognize the need to establish systematic compliance programs that extend beyond the usual OSHA and HIPAA issues.  The Medicare Office of Inspector General has recognized that dental practices need to establish systematic compliance programs that include identification of potential legal risk areas and systematic audits of high risk areas.  “Off the shelf” form policies will not be  adequate to create a compliance program that is “effective” and in fact will often create additional risk.  Every clinic is unique and a “one-size-fits all” plan will not likely meet the government’s standards for “effectiveness.”


Using “form” policies may give you a sense of security, but shortcut the important step of going through the institutional process of identifying risk areas and creating compliance cycles that are unique to your specific organization.  A compliance program must be viewed much more as a process that must be continually operated rather than a set of policies.  It is important to create a “compliance cycle” which involves a continued process of risk identification, auditing and monitoring, training of personnel, corrective actions and appropriate plan revisions.  Attempting to shortcut the process necessary to create an organic compliance cycle will not result in an “effective” program and will not likely withstand governmental scrutiny.

John H. Fisher, CHC, CCEP is a healthcare attorney with Ruder Ware in Wausau, Wisconsin.  John is certified in healthcare compliance by the Health Care Compliance Association.  He is also certified in corporate compliance and ethics by the Society for Corporate Compliance and Ethics.  John is an active blogger on healthcare and compliance issues at