Hello and welcome to the HealthFirst Podcast. I’m your host, Michelle Dawn Mooney, and today we are discussing dental compliance—specifically navigating HIPAA updates for 2025.
Joining me is Olivia Wann, owner and education director of Modern Practice Solutions LLC. Olivia brings deep industry experience, having worked as a registered dental assistant and dental office manager for 14 years before founding her consulting company, now 25 years strong. She also manages a busy law practice.
Overview of HIPAA Updates for 2025
Olivia explains that we are currently under a proposed rule change. Although nothing has been signed into law yet, anticipated changes include shifting previously “addressable” requirements to “required.” The Department of Health and Human Services, via the Office of Civil Rights (OCR), has noted that many covered entities treated addressable items as optional—something that will no longer be permissible.
Privacy and Security Concerns
While patient privacy and confidentiality remain central, Olivia notes that many practices overlook day-to-day privacy breaches in favor of worrying about major cyberattacks. The new rules aim to enhance technical controls, especially around electronic protected health information (ePHI).
Encrypting and Monitoring Data
Encryption will become mandatory. Olivia emphasizes the need for a competent IT provider to secure and monitor data. Practices should implement behind-the-scenes monitoring and be prepared for audits from the OCR. These audits often require proof of system activity reviews, policies, procedures, and contracts with third-party vendors going back six years.
Telehealth and Remote Care Considerations
Telehealth introduces new layers of complexity. Olivia points out the importance of end-to-end encryption and consistent system monitoring. OCR inquiries now include checks for third-party audits and detailed logs of system activity, highlighting the need for rigorous documentation and real-time detection of potential breaches.
Staff Training and Designated Roles
Education is critical. Olivia recommends blocking time in the appointment schedule for HIPAA training, not just for compliance, but for true understanding. All policies must be updated, and new business associate agreements signed. Practices must also carefully appoint privacy and security officers—preferably someone with a deep understanding of IT infrastructure.
The Cost of Non-Compliance
The cost of failure is steep. Olivia cites updated 2024 penalties: from $141 to $71,162 per violation, with annual caps reaching over $2 million. Demonstrating adoption of Recognized Security Practices (RSPs) is essential to mitigating these risks.
Practical Steps for Better Security
Simple but effective steps include:
- Avoid using free consumer email accounts.
- Use paid email services with spam filtering and phishing detection.
- Train staff to recognize phishing emails.
- Employ strong passwords and avoid default credentials.
- Install firewalls and enable system monitoring.
Looking Beyond 2025: Trends and Recommendations
Penetration testing—a controlled hacking simulation—may become a standard. Olivia shares anecdotes of cybersecurity experts breaking into hospital databases in under two hours to highlight system vulnerabilities. Though costly, such testing is a proactive measure.
Resources for Compliance
Start with a security risk analysis. Olivia recommends the free HIPAA Security Risk Assessment Tool available on the HHS.gov website. It’s exhaustive, requiring several hours, but essential for identifying and closing compliance gaps.
Final Words of Advice
Overwhelmed? Olivia urges dental practices to take “baby steps.” Develop a plan, schedule time for implementation, and bring in expert help if needed. With intentional, scheduled effort, HIPAA compliance is achievable.
