Legal Reference Guide For California Dentists

®

PPMD157-0118 Copyright © 2018 California Dental Association.

California Dental Association1201 K Street, Sacramento, CA 95814

800.232.7645 | cda.org

Legal Reference Guide For California Dentists

Chapter 5 — Patient Considerations

Examination, Diagnosis and Treatment .......................................................................................................... 4

116. Must I perform an exam before a hygienist can perform a prophy? ................................................... 4

117. Who is considered a “patient of record”? ..................................................................................... 4

118. What allowances does the DPA make for telehealth? .................................................................................... 4

119. What are the legal concerns when taking a health history? ......................................................................... 5

120. Are there legal issues regarding treatment planning? .................................................................................... 5

121. Do I need to obtain informed consent for all procedures? Should I use a form? .......................................... 5

122. What if the patient refuses to undertake recommended treatment? .............................................................. 6

123.Can I proceed with treatment even if the patient does not consent to recommended X-rays or other diagnostic procedures? ......................................................................................................................................

6

124. Can I proceed with treatment that the patient wants but I don’t think is indicated? ..................................... 7

125. What is the standard of care?............................................................................................................................. 7

126. Am I protected from liability if I volunteer my services as a dentist? .............................................................. 7

127. What are my obligations to treat patients with dental emergencies? ............................................................ 8

Communication, Records and Privacy .......................................................................................................... 9

128.I own a CBCT and I am not a radiologist. A colleague has requested that I take an image of her patient. What are my obligations to the patient? ............................................................................. 9

129. What are the rules for communicating with patients via their cellphones? ........................................... 9

130. Is there a limit to the time I am allowed to try to reactivate a patient? ......................................................... 9

131. What rights does a patient have to privacy and confidentiality? ................................................................... 10

cda.org/practicesupportChapter 5 | Legal Reference Guide for California Dentists | 2 of 26

132. What should I do to protect patient information? ........................................................................... 10

133. What are my responsibilities related to privacy of patient information under HIPAA and California law? 11

134. What must I do if I discover that information about my patients has been stolen or accessed by unauthorized individuals? ...................................................................................................................................

11

135. Can patient information be recorded on the outside cover of the record? .................................................... 14

136. Are there rules on who can write and how to write in the record?.................................................................. 14

137. When is it OK to alter the record? .................................................................................................................. 14

138. What rights do patients have in accessing their records? .............................................................................. 15

139.How do I deal with information requests from individuals or entities who do not represent the patient — what information can they have?........................................................................................................................

15

140.If someone other than the patient or dental benefit plan takes on the responsibility of paying for treatment, what information may I disclose to that person?.............................................................................

16

141. Someone has subpoenaed a patient’s record. What should I do?................................................................. 16

142. Can I charge patients for copying their records?........................................................................................... 17

143. Must I provide an electronic copy? ................................................................................................................... 17

144.A patient wants her information emailed but I do not have the capability to encrypt outgoing email — what are my options? ........................................................................................................................................

18

145. How long must I retain patient records? ........................................................................................................... 18

146. Does the CMIA place additional limits on using PHI for business operations?............................................... 18

147. What legal issues do I need to consider when making the transition to electronic charts?........................... 19

Sensitive Patient Concerns .................................................................................................................................. 20

148. Am I required to provide a sign language interpreter for my hearing-impaired patient? ............................ 20

149. How do I find a sign language interpreter? .................................................................................... 20

150. Who pays for the sign language interpreter? .................................................................................................. 20

151. Must I provide a foreign language interpreter? .............................................................................................. 21


152.How can staff determine whether a patient’s dog is a legitimate service animal? And are animals that are being trained to be service animals allowed the same access as a service animal? ............................

21

153. Must I treat patients with HIV, HCV or other infectious diseases? ................................................................. 21

154. My patient is upset that I asked about his HIV status. Isn’t that something I should know? .......................... 22

155. The patient wants to know my HIV status and that of my staff — do I have to provide the information? 22

156. Is obesity considered a disability? What is the best way to manage an obese patient?............................. 22

157. How do I handle a drug-seeking patient? ....................................................................................................... 23

158.Am I obligated to report signs of abuse or neglect upon examination of a child or elderly patient? What do I do if I see indications of domestic violence? .................................................................................

23

159.My patient is involved in a lawsuit. Do I have to testify? Doesn’t the dentist-patient privilege help me avoid this? .........................................................................................................................................................

24

160.

I have a long-time patient who in the last year has become increasingly forgetful. I am unaware of any family or close friends involved in his care. With whom may I discuss my concerns about the patient’s cognitive health? I am concerned not only about the patient’s well-being but also my liability if there is a question as to the patient’s consent to treatment. .........................................................................................

24

161. My minor patient is pregnant and I don’t think her parent knows. Can I tell the parent? ............................ 24

Terminating The Relationship ................................................................................................................................. 25

162. I’m closing my practice — when and how do I tell my patients? .................................................................. 25

163. What are my obligations to my patients when I sell my practice?........................................................ 25

164. How do I dismiss a patient from the practice? ................................................................................................. 25


Examination, Diagnosis and Treatment116. Must I perform an exam before a hygienist can perform a prophy? According to Business and Professions Code §1684.5(a), it is unprofessional conduct for a dentist to perform or allow to be performed any treatment on a patient who is not that dentist’s patient of record. You may, after conducting a preliminary oral examination, direct the appropriate allied dental health professional to perform procedures necessary for diagnostic purposes.

Additionally, you may direct the appropriate allied dental health professional to perform all of the following duties prior to your examination of the patient:

• Expose emergency radiographs upon your direction.• Perform extraoral duties or functions you specify.• Perform mouth-mirror inspections of the oral cavity, including charting of obvious lesions, malocclusions, existing restorations and missing teeth.

These requirements do not apply if you are providing examinations on a temporary basis outside a dental office in settings including but not limited to health fairs and school screenings. They also do not apply to fluoride mouth rinse or supplement programs administered in a school or preschool setting.

117. Who is considered a “patient of record”? A “patient of record” is a patient who has been examined, has had a medical and dental history completed and evaluated, has had oral conditions diagnosed and for whom you have developed a written plan.

118. What allowances does the DPA make for telehealth? “Telehealth” is defined as the mode of delivering health care and public health services via information and communica-tion technologies to facilitate the diagnosis, consultation, treatment, education, care management and self-management of a patient’s health care while the patient is at the originating site and the health care provider is at a distant site. Telehealth facilitates patient self-management and caregiver support for patients and includes synchronous interactions and asynchronous store-and-forward transfers.

Pursuant to Business and Professions Code Sections 1753.55, 1910.5 and 1926.05, in identified settings, registered dental assistants in extended functions (RDAEF), registered dental hygienists (RDH) and registered dental hygienists in alternative practice (RDHAP) who have received specified training may determine and perform radiographs for the specific purpose of aiding a dentist in completing a comprehensive diagnosis and treatment plan for a patient using telehealth as defined by law for the purpose of communication with the supervising dentist. Additionally, RDAEFs, RDHs or RDHAPs who have received the required training may place interim therapeutic restorations as defined by law. Nothing in the law requires a dentist to review patient records, make a diagnosis using telehealth or supervise dental team members utilizing telehealth technology.


119. What are the legal concerns when taking a health history?You need to obtain information from a patient that is necessary to properly diagnose and provide treatment. Many dental practices require patients to complete a health history form.

While it is possible to gather adequate information with a form, you should also discuss its contents with the patient to ensure accurate responses and provide explanation sufficient to identify the health condition if the written form only provides a generalized response to the question. The health history form should be provided to all patients treated in a dental practice. Depending on the practice’s patient base, it may be necessary to have forms available in languages other than English and advisable to have bilingual dental staff to assist patients with the form.

The health history form establishes an important baseline for new patients in respect to future dental treatment. Therefore, it is essential that all new patients complete a detailed and accurate health history and regularly update and sign the form to indicate that they have reviewed it.

The health history should also elicit information concerning past and current prescription medication use and any reaction to the use of medications. This ensures that you can provide proper advice about treatment options and that medication you prescribe are not contraindicated due to potential adverse reactions with other medications the patient takes. It is advisable to update the health history information on a yearly basis if possible.

120. Are there legal issues regarding treatment planning?A dentist must provide a treatment plan that is clear and addresses a patient’s necessary dental treatment requirements. A plan that reflects excessive diagnostic procedures or treatment will violate the California Dental Practice Act (BPC § 1680). A plan that fails to include a proper diagnosis and necessary treatment may result in claims of negligence. A dentist cannot discriminate against a patient in treatment planning based on any of the federally protected classes of race, color, religion, sex, national origin, age, sex, pregnancy (unless the dental treatment would harm the fetus), citizenship, familial status, disability, veteran and genetic information. A written treatment plan will also provide information enabling the patient to grant informed written consent. It is beneficial to comply with the duty to provide informed consent to document all treatment options offered to the patient including the treatment actually selected by the patient.

121. Do I need to obtain informed consent for all procedures? Should I use a form? Not all situations require a written informed consent. Sometimes the need for express patient permission to treat is waived or implied. At one extreme, this would include the case of an emergency in which treatment of an unconscious patient is medically necessary and no surrogate is available to give consent. The other extreme would be a simple, common procedure for which there are no or only remote risks. A third type of situation exists when patients imply consent by their actions; for example, when a patient has agreed to undergo a procedure by sitting in the chair for an oral exam.

Informed consent is a dialogue between you and your patient discussing:

• The nature of the recommended treatment.• The risks, complications and benefits of that treatment, including the likelihood of success.• Reasonable alternatives to the recommended treatment — including no treatment — and the risks, complications and benefits of each.


The key is to provide adequate information for the patient to make an informed choice. Informed consent should include your discussion of the treatment, risks, benefits and alternatives tailored for each patient’s particular needs. Use everyday language to ensure comprehension and give the patient all the information necessary to make an informed consent. You can supplement this discussion with other forms of information such as educational pamphlets, videotapes and/or the use of preprinted informed consent forms.

A printed and signed informed consent form is a useful tool in many ways, but it should not replace the dentist-patient dialogue. A well-drafted consent form can:

• Initiate and guide the conversation while reducing the likelihood that points will be forgotten.• Be given to the patient to take home and review without pressure before signing.• Provide material evidence that the patient was informed of the diagnosis, treatment and the benefits, risks and consequences of the procedure when it is signed and dated by the patient or the patient’s representative.

Another option is to document the informed consent dialogue in the patient’s chart. The date, parties present and issues discussed (nature of treatment, risks, benefits and consequences of each) should be included in the documentation. Make a notation about whether you believed that the patient understood the discussion as well as the manner in which the patient actually consented to treatment. The problem with this method of recording informed consent, however, is that if tested, it may become your word against the patient’s as to what was discussed.

For this reason, an informed consent form is preferable. By signing a properly drafted written informed consent document, the patient attests that the nature, risks and benefits of the treatment and the alternatives and their consequences have been explained satisfactorily and that he or she has had the opportunity to ask questions and have them answered. No matter which consent method you choose, you should not provide treatment beyond that authorized in the consent.

122. What if the patient refuses to undertake recommended treatment?Just as patients should know the risks, benefits and alternatives of a recommended treatment, they should also know the potential consequences of refusing a proposed treatment or procedure. For example, a patient who refuses the recommendation to extract a completely bony impacted third molar must understand the potential for continued symptoms, bone loss and serious, potentially life-threatening infection. Most states impose a duty on dentists to obtain a patient’s informed refusal whenever refusal holds potentially serious complications. Should a patient decline to undergo a recommended procedure, you should document that the patient understands the risks that may arise from such refusal and record in the treatment chart all recommended treatment and alternatives discussed. Also have the patient sign an informed refusal form or the treatment chart entry, noting the recommended treatment and risks of not proceeding, and keep that in the patient’s chart as well.

123. Can I proceed with treatment even if the patient does not consent to recommended X-rays or other diagnostic procedures?It isn’t a good idea if, in the absence of a recommended X-ray or diagnostic test, you do not have sufficient information to determine appropriate options for treatment. If you have recommended diagnostic tests or procedures in order to develop a treatment plan, you may be liable to a malpractice allegation if you proceed without obtaining those tests. Remember that a patient’s refusal to pursue appropriate testing or X-rays or to undergo treatment does not allow a dentist to practice below the standard of care. While patients may influence the treatment plan to some extent, do not perform substandard treatment even if the patient requests and consents to it. Do not allow patients to consent to substandard treatment based primarily on financial considerations or limitations of a dental benefits plan.


The patient’s refusal to undertake appropriate X-rays or diagnostic testing may reduce (through the doctrine of comparative negligence) but will not eliminate the risk of a malpractice action if substandard dental treatment is performed due to the absence of a diagnostic test or X-ray. The dentist is better off refusing to provide treatment if there is inadequate information to proceed.

124. Can I proceed with treatment that the patient wants but I don’t think is indicated?Again, it is not the best idea to act against your own professional advice. If the patient wants treatment that in your professional opinion is unwarranted or a poor option, be careful about providing it. This can be risky when you believe that providing the care has the potential to harm the patient. You are the knowledgeable, licensed professional and must use your best clinical judgment even if that means telling a patient you will not treat him or her. If you believe the treatment the patient requests is not reasonable for the situation presented you run the risk of being liable for providing such treatment even if it is treatment requested by the patient. Imagine how your testimony would appear to a jury if you were forced to justify treatment that was contrary to your own professional advice. A patient may file a lawsuit for malpractice following failed dental treatment, and many times the patient does not recall that the dentist advised against such treatment or recommended alternatives.

125. What is the standard of care?The standard of care is a relative standard based on the conduct of a reasonable dentist under the same or similar circumstances. The conduct of any dentist will be judged by the conduct of other dentists practicing under the same or similar circumstances with the same or similar training. If you provide treatment normally rendered by a dental specialist, even if you are a general dentist, you will be held to the standard of care required of a specialist rendering that treatment. During a lawsuit, each side presents expert witnesses who offer their opinions as to what actions the standard of care required. It is then up to the judge or jury to decide what the standard of care is in regard to the treatment provided and whether it was violated. The standard of care is not established by any book or article in the medical or dental literature. It depends on reasonable practices in the same or a similar situation at the time the dental treatment is rendered. The standard of care changes based on new knowledge or evolving techniques.

126. Am I protected from liability if I volunteer my services as a dentist?Many doctors are under the false impression that if they volunteer their services, the individuals they treat are not their patients. Further, they may believe that good Samaritan laws exempt them from all liability. Good Samaritan laws usually lower the standard of care only when doctors render care in an emergency and outside a health care treatment facility, not for volunteer services. Several federal and state laws offer some protection to dentists who volunteer their services. Charitable immunity or volunteer clinician laws generally protect volunteers only when they are acting within the scope of their responsibilities as part of the nonprofit organization at the time of their alleged act or omission. California does not have charitable immunity laws that may apply. For these reasons, you should rely on your attorney for legal advice.

Every doctor is obliged to provide every patient with the same standard of care, regardless of whether the individual is the doctor’s patient of record. If you volunteer your services, it is important to engage in thorough informed consent discussions, including the limitations of the evaluation, a diagnosis, recommended treatment and the consequences of no treatment. It is important for the patient to understand that the evaluation or limited care offered at a screening or charitable event does not establish a continuing doctor-patient relationship. However, abandonment issues may arise when there is a need for follow-up care. The safest course is to make follow-up care available or put in writing why it is needed and include information about how to access it. That may mean treating the patient at your private practice for free. Be careful not to solicit patients at charitable events, as doing so is an ethical violation.


While your professional liability insurance should cover you, contact your insurance carrier prior to volunteering yourprofessional services. In addition, if you are retired but wish to provide voluntary services, you may qualify for discounted rates. An insurer may require additional information about the event, your role, the services you are offering and with whom you will be working. Your insurer wants to be certain that you are not exposing yourself to unnecessary risks, such as working with an unlicensed dentist.

127. What are my obligations to treat patients with dental emergencies?You have the obligation to make reasonable arrangements for the emergency care of your patients of record. You have the obligation, when consulted in an emergency by a patient not of record, to make reasonable arrangements for emergency care of that patient.

Examples of reasonable arrangements include:

• Before taking an extended vacation or leave from the practice, arrange for emergency coverage with one or more colleagues. Notify your patients in advance and provide your colleagues’ contact information.• For times when your office is closed, leave an outgoing message on your telephone answering system that provides instructions on how to contact you or a colleague who is providing emergency coverage. If you use an answering service, instruct the operator to obtain the patient’s full name, date seen by the dentist, complaint and a telephone number. You should have a method of verifying patients of record or patients of colleagues for whom you are providing emergency coverage.

After listening to the patient’s complaint, you may choose to:

• Prescribe pain relief medication appropriate for the patient’s condition and consistent with federal law, with directions to the patient to schedule an examination at the earliest possible time.• Direct the patient to an emergency room, urgent care facility or other dental office.• Direct the patient to come to your dental office for an examination as soon as possible.

If you agree to see a patient at a time when your office is typically closed, take appropriate precautions for your safety, including having the requisite office staff present to allow you to perform an evaluation or provide treatment. It is not required that you see an emergency patient in the middle of the night. If a patient in pain contacts you in the middle of the night, refer him or her to a hospital emergency room or urgent care facility for pain relief and direct the patient to visit your office at the earliest possible time. Prescription of medication following an emergency telephone call is problematic, as the dentist cannot perform an examination before prescribing. In addition, a dentist who prescribes medication over the phone is unlikely to know what other medications the patient takes or their possible interactions with the drug the dentist is prescribing and this could lead to adverse reactions.

Be sure to make a record of these after-hours consultations and ensure that the notes are placed in the patient’s chart.


Communication, Records and Privacy 128. I own a CBCT and I am not a radiologist. A colleague has requested that I take an image of her patient. What are my obligations to the patient? You should treat this patient as one of your own patients of record, even if you are performing just one procedure. At a minimum, take a medical/dental history and confirm the patient’s suitability for imaging. In addition, you and the referring dentist should determine who will interpret the images. If you will not be interpreting them, you should ensure that the patient signs a document that (1) affirms his or her understanding that you will not interpret the images, (2) affirms that the patient was given the option to have the images read by a dental radiologist and (3) informs the patient of the person or entity who will undertake the interpretation. If you read the images, you are responsible for interpreting all issues of the jaw, teeth and associated structures evident in the images; in other words, all the data from those studies. If you are also a physician, you may be obliged to diagnose other medically related conditions apparent in the images.

You may use the CBCT Scan Documents for communications with the patient. For information on billing, refer to the article, Using an Imaging Service? on cda.org/practicesupport.

129. What are the rules for communicating with patients via their cellphones?The Federal Communications Commission, using the authority of the Telephone Consumer Protection Act of 1991 (TCPA), issued an order in 2015 that requires a business to obtain an individual’s consent prior to calling or sending a text message to an individual’s cellphone number. A health care exemption to the order applies if the communication:

• Is sent only to the cellphone number provided by the patient to the health care provider.• States the name and contact information of the health care provider (information must be at the beginning of a voice call).• Does not include telemarketing, solicitation, advertising, billing or financial content (including insurance information requests).• Complies with the HIPAA Privacy Rule.• Is short (one minute or less for voice calls and 160 characters or less for text messages).

Rules for Communicating via Telephone, Cellphone and Email is a CDA Practice Support resource that has additional information on the order and sample language that can be used to obtain needed patient consent.

130. Is there a limit to the time I am allowed to try to reactivate a patient?Contacting patients about uncompleted recommended treatment or for not being seen in the past year is common in dental practices. However, telephone calls to recall patients may be viewed as solicitation and, therefore, subject to the federal Do-Not-Call Registry rules. Telephone solicitation is limited to 18 months from the time an individual completes a transaction with the business or until the individual requests that he or she not be contacted again, whichever period is shorter. If an individual makes an inquiry, a business may call that individual for three months or until the individual requests that he or she not be contacted again, whichever period is shorter.

http://www.cda.org/practicesupport


131. What rights does a patient have to privacy and confidentiality?Federal and state law protects “individually identifiable health information,” defined as information that combines a patient’s identity with information about their health condition, treatment for that condition or payment for treatment. A patient’s name by itself is not identifiable health information. The Health Insurance Portability and Accountability Act (HIPAA) prohibits unauthorized release of the combination of a person’s identity with health information, including the simple fact that an individual is a patient of a particular provider.

The compliance standard for the HIPAA Privacy Rule remains “reasonable measures to protect patient privacy.” The rule does not specifically require locking file cabinets or establishing cones of silence, despite the rumors. And, by “reasonable,” the rule assumes that the dentist will do what is appropriate and reasonable, having assessed the risk of release of protected patient information. Authorizations from patients are generally required for use and disclosure of their information for purposes other than treatment, payment or the health care operations of the dental office. A dentist who holds patient-identifiable information is required under the rule to protect that information and to report any disclosures of it that the patient has not approved. Unlike the security provisions of HIPAA pertaining to electronic transfer of records only, the privacy provisions apply to paper and oral information as well as electronically stored and transferred data. But again, the Privacy Rule applies to dental offices that conduct certain specified transactions with third-party payers electronically.

California privacy statutes demand protection of information not considered individually identifiable health information, such as a name combined only with a Social Security number or other identifier. Specifically, state law requires government agencies and businesses that maintain personal information — first and last name or first initial and last name in combination with a Social Security number, driver’s license/identification card number, bank account or credit card number, medical information, health insurance information or a username or email address in combination with a password or security question and answer that would permit access to an online account through computerized data — to notify individuals when the security of any unencrypted data is breached.

132. What should I do to protect patient information?Confidentiality of patient information has long been a tenet of health care professions. However, the move from paper to electronic record keeping and communications, plus population mobility have led to the adoption of a broad range of federal and state laws and regulations that strive to ensure not only the privacy and confidentiality of patients’ information but also the availability and integrity of electronic patient information.

Health care providers should take reasonable and appropriate steps to safeguard patient information in all forms — written, verbal, visual and electronic. The safeguards should be reasonable and appropriate for the provider’s size, type of service, location and finances. For example, the use of magnetic key cards at a small dental practice that is the sole occupant of a building may be considered an unreasonable safeguard for the practice’s size. Reasonable safeguards for a dental practice can include:

• Having staff speak in low voices or in a private room, if available, when conversing with a patient about treatment details.• Prohibiting staff from discussing patients outside the dental practice.• Applying the “minimum necessary” rule when forwarding patient information to a specialist’s office for treatment.


Incidental uses or disclosures, such as appointment reminder postcards, a sign-in sheet in the lobby or calling a patient’s name in the waiting room, are allowed as long as there is an effort to ensure the minimum amount of necessary information is used.

The HIPAA Security Rule, which is focused on electronic patient information, has specific requirements. It is best to work with someone who knows both the dental practice’s IT system and the capabilities and limitations of current technology in order to ensure the practice can effectively manage any risks and vulnerabilities in its system. Even if a dental practice is not a HIPAA-covered entity, California’s breach notification law is a strong incentive for ensuring the privacy of patient information.

133. What are my responsibilities related to privacy of patient information under HIPAA and California law?A dentist who holds patient-identifiable information is required under the Privacy Rule to protect against unauthorized release or disclosure of that information and to report its disclosure. Unlike the provisions of HIPAA pertaining to electronic transfers of records only, the privacy provisions apply to paper and oral information, as well as electronically stored and transferred data. But again, the Privacy Rule applies to dental offices that conduct certain specified transactions with third-party payers electronically. California law establishes a similar requirement that health care providers protect the privacy of patients’ health information, requiring patient authorization before information can be disclosed, with certain exceptions (e.g., for purposes of filing claims for payment, in the event of a court order to provide information or for law enforcement purposes). Unlike the HIPAA rule, California’s privacy law applies to all providers, whether or not they conduct electronic transactions with payers. Also, California does not permit disclosure of patient health information without patient authorization for some health care operations that HIPAA does allow without authorization; an example is pursuit of a collections action.

For more information on the HIPAA Privacy Rule and the California Confidentiality of Medical Information Act (CMIA), visit cda.org/practicesupport.

134. What must I do if I discover that information about my patients has been stolen or accessed by unauthorized individuals?California Civil Code §1798 requires any person doing business in California who maintains other individuals’ personal and health-related information through computerized data to notify those California residents when the security of the data is breached. Upon discovering that patients’ personal information has been compromised, you must provide patients with notice in writing, electronically or by substitute notice. Substitute notice may be used only if the cost of providing notice exceeds $250,000 or if more than 500,000 people have to be notified. Notices must be provided “in the most expedient time possible and without unreasonable delay.” Copies of the notices must also be sent to the California attorney general.

The following types of information, when breached, trigger the notice requirement:

• Unencrypted computerized data, including certain personal information.

• Patient’s name (first and last name or initial and last name) plus any of the following: 1. Social Security number. 2. Driver’s license or California identification card number. 3. Financial account number, credit or debit card number (along with a PIN or other access code where required for access to account). 4. Medical information. 5. Health insurance information. 6. A user name or email address in combination with a password or security question and answer that would permit access to an online account.



Breach notices sent pursuant to §1798 must contain the following information:

• The name and contact information of the person or business reporting the breach.

• A list of the types of personal information that were or are reasonably believed to have been breached.

• The following information, if it is possible to determine at the time the notice is provided: 1. The date of the breach. 2. The estimated date of the breach. 3. The date range within which the breach occurred.

• Date of the breach notification.

• Whether notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.

• A general description of the breach incident, if that information is possible to determine at the time the notice is provided.

• The toll-free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a Social Security number, driver’s license or California identification card number.

• If credit monitoring or other identity theft mitigation services are offered, they must be offered free of charge and for a minimum of one year.

The breach notification must be written in plain language and must be titled “Notice of Data Breach.” It must present the information listed above under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do” and “For More Information.” Additional information may be provided as a supplement to the notice. The text of the notice can be no smaller than 10-point type.

At the discretion of the business, the notification may also include either or both of the following:

• Information about what the business has done to protect individuals whose information has been breached.

• Advice on precautionary steps the person whose information has been breached may take.

California’s Health and Safety Code requires that clinics and health facilities notify affected individuals and the California Department of Health Care Services in the event of an unauthorized use or disclosure of a patient’s medical information. This notice must be made within five days after the incident has been detected. “Medical information” is defined as any individually identifiable information in electronic or physical form regarding a patient’s medical history, mental or physical condition or treatment.

If you are a HIPAA-covered entity, know that HIPAA also contains provisions related to breach notifications. Patients must be notified any time their unsecured protected health information (PHI) may have been compromised through unauthorized acquisition, access, use or disclosure. Covered entities must presume there is a reportable breach unless there is a low probability after risk assessment that the PHI has been compromised. Covered entities must conduct a risk assessment that includes the following four factors to determine the probability that the PHI in question was compromised:


• The nature and extent of the PHI involved in the breach, including the types of identifiers and the likelihood of re-identification of the PHI.

• The unauthorized person who used the PHI or to whom the disclosure was made.

• Whether the PHI was actually acquired or viewed by the inappropriate recipient.

• The extent to which the risk to the PHI has been mitigated.

Unsecured PHI is any protected health information that is not rendered unusable, unreadable, or indecipherable. In the event of a security breach, notifications must be sent without unreasonable delay and in no case later than 60 calendar days after discovery of the breach. If a breach affects 500 or more patients, it must be reported to the Department of Health and Human Services, which will post on its website the name of the entity that experienced the breach. If 500 or more patients residing in the same area are affected, the breach must be reported to local media. The security breach notification requirements of the Health Information Technology for Economic and Clinical Health Act (HITECH) apply to covered entities and also require that business associates notify covered entities of a breach of unsecured PHI that they hold on its behalf. Security breach notifications must contain the following:

• Description of what happened.

• Description of the information involved.

• Steps individuals should take to protect themselves from potential harm resulting from the breach.

• Description of investigation and mitigation steps.

• Contact information.

It is important to remember that despite HITECH, HIPAA does not preempt state laws, such as California’s, which are more protective of patient information. Covered entities must be in compliance with all applicable state privacy laws. A side-by-side comparison of state and federal requirements, data breach notification requirements and a sample notification letter are available on cda.org/practicesupport. Notification letters that meet HIPAA requirements are deemed to be in compliance with California’s breach notification statute; it is not necessary to send multiple notification letters.

Some insurance companies offer data compromise policies. It may be a good idea to contact your insurance agent or broker for more information on this added layer of protection.

It is important that all patient information contained on a computer, mobile phone or storage device that is taken out of the office be encrypted and password protected to prevent the need for providing notice if that device or data is lost or stolen.

You may also refer to Data Breach Notification Requirements Checklist on cda.org/practicesupport.




135. Can patient information be recorded on the outside cover of the record?Yes, but only the patient’s name and/or account number can be readily apparent. Where certain health notices or medical alerts (e.g., allergy notice, antibiotic premedication) are required to be included in a patient’s record, there is no specific prohibition against indicating this information on the cover of the file. But in the interest of taking “reasonable measures” to protect patient privacy, it is best to use a color code system. For example, a yellow sticker on the outside of the folder can be alert clinical staff to look at the inside cover for more specific information on the patient’s medical condition that may affect dental treatment.

136. Are there rules on who can write and how to write in the record?Yes. Applicable laws may require certain entries in the record and may dictate how entries should be written. In addition, it is important to keep in mind that the record is the single most important source of evidence in a liability claim. Always think before you make an entry, especially if the remarks are complex in nature. But don’t delay; it is best to document while the patient is still in the office. It is also beneficial to make legible entries that can be read by other practitioners in or out of your office.

Make sure all of your entries are objective in nature. Record what happened. Confine your comments to necessary information about the patient’s treatment. Do not make unnecessary negative comments. Under HIPAA and many state laws, a patient has a right to request to see his or her record (including “personal notes” you may keep in a separate chart). If the record appears in a court case, disparaging remarks could alienate the judge and/or the jury.

The state requires that all entries be dated. Each person who makes an entry into the chart must either sign his or her name or use a unique identification number and initials. If an identification number system is used, maintain a master log of employees’ identification numbers. Many offices choose to use dental license numbers as unique identification. If a dental assistant makes an entry for a dentist, it is best to have the dentist’s signature, initials or identifying information and the dental assistant’s initials on that recorded entry. If the dental assistant makes an entry, the dentist should review that entry to ensure it is adequate, complete and reflects what occurred at that appointment as the dentist is responsible for the contents of such entry.

137. When is it okay to alter the record?You may forget to make a note in the record and it becomes necessary to make a correction or addition. The key to altering a record appropriately is to make sure the correction or addition is obvious. Do not attempt to conceal an entry, because it may appear that you have something to hide. If adding a note, make a new entry by first recording the date of the entry and using the phrase, “addendum to” followed by the date you are referencing. Do not attempt to insert the entry into the chronologically correct date for that entry, as that will be interpreted as an improper attempt to alter the treatment records.

If using an electronic health records system, ensure each individual has his or her own credentials to enter information into the system. A properly set-up EHR can be monitored to determine who entered certain information at a specific day, time and on which computer. When making changes to a paper chart, never use an opaque correction fluid or product such as Liquid Paper. Instead, draw a single line through an entry, initial and date it. The important factor is that the original entry must still be visible.


138. What rights do patients have in accessing their records?You own the patient record, including X-rays. Patients and their legal representatives are entitled to view or have copies of their information. You may require that the patient submit a written request and you must verify the identity of the requestor. A HIPAA-covered entity must provide an electronic copy if a patient requests that format. The patient’s entitlement to a copy of all treatment records may not be denied due to the presence of sensitive information in the records or because of an outstanding balance. After receiving the request in writing, you have 15 calendar days to deliver the copy to the patient. Should a patient ask to inspect his or her record, you have five working days to provide access. In addition, if a summary of the record is requested in writing, you have 10 days to provide the summary to the patient. Never release original content of the chart or original X-rays to the patient or any other health care provider. See question 142 for information on charging for copies. Failure to provide records to a patient when requested is a violation of the Dental Practice Act and can subject you to a fine and payment of attorneys’ fees if the patient is forced to compel production of such records. See Patient to Access Records (Records Release) Form and Q and As on cda.org/practicesupport for additional information.

139. How do I deal with information requests from individuals or entities who do not represent the patient — what information can they have?Records can be released to anyone the patient names in the request to access records. If, however, the patient is not the one requesting the information or records, whether you can provide it depends on who the requestor is and why the request was made.

Patient information may be released without the patient’s authorization for the purpose of treating the patient (sharing treatment information with a specialist, for example), obtaining payment for treatment and to conduct certain business operations such as quality assessment audits. Patient information also may be released without patient authorization for certain public benefit or interests. This includes disclosure to appropriate agencies regarding possible domestic abuse, criminal activity, conditions that should preclude operation of a motor vehicle or other legal violations involving patients. It also includes disclosure to a coroner for official purposes.

Employers, in general, do not have the right to access PHI except in workers’ compensation cases. Employers who self-insure may have limited access to patient information necessary to determine payment. Dental benefit plans also have limited access to information necessary to determine payment and to conduct quality assessment audits.

A dentist who was formerly an associate in a dental practice may not obtain copies of patient records without first providing the owner of the practice with the patient’s written authorization to release the information. The former associate dentist may be entitled to the contact information of the patients he or she treated, if this subject was not addressed in the employment contract or was not properly maintained as trade secret information of the practice.

Be aware that the patient health history form includes medical information that must be kept confidential unless the patient or patient’s representative has given express permission for its release: mental health information, drug and alcohol abuse records, HIV/AIDS status and a minor patient’s pregnancy status. This material should not be provided to others who submit a general request for patient records.

For more information on when and how patient information may be released, refer to the article Uses and Disclosures of Patient Health Information, available on cda.org/practicesupport.




140. If someone other than the patient or dental benefit plan takes on the responsibility of paying for treatment, what information may I disclose to that person?HIPAA allows only disclosure of the minimum necessary information, in this case patient name, treatment type, date of treatment and fee. In some cases, such as a parent paying for care of an adult child, the payer may want more than the minimum necessary information. In such cases, the dental practice can request the patient sign an authorization form allowing the practice to disclose specified information to the payer. Although the patient may withdraw the authorization at any time, the form should include an expiration date. A dental practice may use “Consent Form for Use or Disclosure of Patient Information,” available on cda.org/practicesupport. If the patient refuses to provide authorization, the office may not disclose more than the minimum necessary information.

The patient also has a right to request that a HIPAA-covered entity withhold treatment information from a dental benefit plan or medical plan and, if treatment is paid in full by the patient or other individual, the covered entity must comply with the patient’s request.

141. Someone has subpoenaed a patient’s record. What should I do?Circumstances may dictate how you respond to the subpoena, but you should always consult with your attorney.

If law enforcement serves the subpoena, contact your attorney immediately. Provide the officers with the record while informing them that you are calling your attorney. Do not try to impede law enforcement’s access to records if the subpoena allows immediate access. If the subpoena mandates production of records at a later date, do not release the records before that date.

A subpoena usually arises from a civil lawsuit. Upon receipt of a subpoena in these cases, you must evaluate whether you can comply with the demand for records. Consider these questions:

• Do you have the requested records? If not, provide a statement that you do not have them.

• Is the subpoena issued part of a civil action in California? Out-of-state subpoenas are not enforceable in California, except for those issued in federal cases. Subpoenas issued as part of state administrative hearings have patient notification requirements. Consult with your attorney for more information.

• Are you a party to the lawsuit? If yes, contact your professional liability carrier.

• Is the subpoena valid? A subpoena is valid if (1) it is personally served on you or someone authorized by you to receive a subpoena; (2) it is issued by the clerk of the court or attorney handling the lawsuit; (3) it is addressed to you or to someone qualified to certify the requested records; (4) it contains a date for production of records that is at least 20 days after the subpoena was issued, at least 15 days after it was served on you and at least 20 days after notice of the subpoena was received; (5) it specifies each item or category of items to be produced; and (6) it includes documentation that the patient either has consented to the release of records or has been informed of the records request.



The 20-day period before production of records is specified to allow the patient time to object to the production of the records (if they are not requested by the patient or the patient’s attorney) or for the court to hear motions to suppress the subpoena. If the subpoena is valid and you are not a party to the lawsuit, produce the records as requested, sign the affidavit and submit a statement for costs incurred in responding to the subpoena. Do not release the records before the deposition date or production date identified on the subpoena, as premature disclosure could result in liability if the patient objects to such disclosure.

Per Evidence Code section 1158, you may seek reimbursement from the individual who provided the written authorization for copying costs (10 cents per page for standard size documents or actual costs for reproductions of oversize documents or X-ray film); clerical costs (maximum rate of $4 per quarter-hour for each person who assisted on such production of records); actual postal costs; and retrieval costs. If a copying service is used, you may charge no more than $15 plus the cost of the service.

142. Can I charge patients for copying their records?Yes, within specified limits and you must inform the patient of the fees in advance. The fee may only include the cost of:

• Labor to make the requested copy, whether in paper or electronic form.• Supplies such as paper or portable electronic media.• Postage when the patient requests the copy or summary be mailed.• Preparation of an explanation or summary of the record if requested by the patient.

The fee may not include costs associated with verification of the request, documentation, searching for and retrieving the record, maintaining systems, recouping capital for data access, storage or infrastructure or anything not included in the above paragraph. A per-page fee may not be charged for records maintained electronically. The fee may not exceed state limits:

• Twenty-five cents per page for copying paper documents.• Fifty cents per page from microfilm.• Actual cost for duplicating X-rays, photos, models, impressions, etc.• Actual postage cost.

A non-HIPAA covered entity may charge a fee for reasonable clerical cost to locate and make the records available, unless an electronic copy is requested, in which case no charge can be made.

Many dentists forgo charging a fee if they transmit the records directly to another dentist. See Patient Request to Access Records (Records Release) Form and Q and As on cda.org/practicesupport for additional information on fees.

143. Must I provide an electronic copy?You should provide a copy that is in the form and format requested by the patient or patient’s representative. If you are unable to readily produce the form and format requested by the patient, both parties should agree on an acceptable format. A dental practice that is not a HIPAA-covered entity is not required to provide an electronic copy.



144. A patient wants her information emailed but I do not have the capability to encrypt outgoing email — what are my options?You can ask the patient if she will accept the use of unencrypted email. To do so, you must (1) advise the patient of the risks of unsecure electronic transmission of information and (2) the patient must accept the risk and consent to the use of unsecure electronic transmission of information. Sample language to obtain patient consent is in Patient Request to Access Records (Records Release) Form and Q and As on cda.org/practicesupport.

If the patient will not consent to the use of unencrypted email, you should offer other secure alternatives for delivering the information, such as mailing a hard copy or mailing the information on an encrypted flash drive.

145. How long must I retain patient records?State law does not define the period for which a dentist must maintain patient records after the patient discontinues treatment with the dentist. Records of unemancipated minors must be kept at least one year after the minor has reached the age of 18, and in any case, not less than seven years. It is best to ask your professional liability carrier for its recommendation. Ideally, all dental records, active and inactive, should be maintained indefinitely. Records must be kept for seven years after a dental practice ceases operations.

146. Does the CMIA place additional limits on using PHI for business operations?HIPAA and California law allow a dental practice to provide patient information, without prior authorization, to other health care professionals for treatment purposes. HIPAA also allows disclosure of patient information for certain payment and health care operation purposes, but California law places some additional restrictions in these situations.

Sale or transfer of a practice. Although the HIPAA Privacy Rule allows the use and transfer of patient information to relevant parties who need that information for health care operations, including practice sales, state law does not include the same provision. It is therefore prudent for a selling dentist to limit the patient information a potential buyer or partner can view to the minimum necessary to value the practice. To allow transfer of records from seller to buyer, it is advisable to have patients sign a records release form. The seller should either return the completed forms to the buyer or require that the buyer assume custodial responsibility, including storage of inactive patient charts, which should be held offsite. The authorization form can be mailed to patients together with the selling dentist’s notification of transferring practice ownership. In the transfer, sale, merger or consolidation of a dental practice, the new owner may agree to take custody of the patient record (the alternative is that the former owner retains the records). As the custodian of records, the owner is legally respon-sible for ensuring that the contents are secure, and if records are to be destroyed, ensuring that the contents are unreadable.

Collection agencies. HIPPA allows disclosure of PHI to a debt collection agency with a proper business associate agreement in place to recover outstanding debts for treatment. However, California’s Supreme Court has ruled that health care providers may not send patient records to a collection agency without the patient’s authorization. A collection agency may request that a dental practice provide information on a patient’s treatment when the patient disputes the debt owed. A collection agency is required by law to respond to a debtor’s request for more information on a debt. If a dental practice uses a collection agency, the practice should, as part of the patient financial agreement, obtain a patient’s authorization to provide treatment information to collection and credit agencies. When giving information to a collection agency, the dental practice should provide only the minimum amount of information needed to collect the debt.



Disputed credit card charges. Patients paying for treatment with a credit card have in some cases had their card issuers reverse those charges due to complaints of unsatisfactory dental care. Dental practices may wish to appeal the credit card company’s reversal, but it is unclear whether providing PHI in this scenario is permissible without the patient’s authorization. Both HIPAA and California state law allow health care providers to disclose patient health information without prior authorization for payment purposes, such as to a third party dental benefit plan. However, both are unclear whether the exception also applies to disclosures to a credit card company for purposes of appealing a reversed charge. It is advisable to have patients sign, as part of the financial agreement, an authorization for disclosure in the event of a credit card-related payment dispute. When providing patient information to a credit card company, the dental practice should provide only the minimum amount of information needed to appeal the reversed charge.

147. What legal issues do I need to consider when making the transition to electronic charts?Dentistry is increasingly reliant on electronic patient records. When switching from paper to electronic, or from one electronic record system to another, a dentist will want to keep the following matters in mind when considering a system conversion:

• New system has the desired functionalities and integrates with other devices and systems such as digital radiography and appointment reminder program.• Hardware is/is not included in process. If included, consider warranties.• Schedule and procedure to transfer information from one format to another.• Compliance with HIPAA Security Rule specifications, including use of a business associate agreement, backups, monitoring, unique user identification and more.• Creating a backup copy of records to ensure existence of records should the conversion not be successful or results in loss or misplacement of data.• User training — method, frequency.• User support — method, fee basis, duration.• Upgrades, security patches included or extra.• Data security coverage for the transition period and afterwards.• Contract termination terms.

California requires that if only electronic record-keeping systems are utilized in a dental office, the office must use an offsite backup storage system, an image device that can copy signature documents and a mechanism to ensure that once a record is input, it is unalterable. You must develop and implement policies and procedures that include safeguards for confidentiality and to prevent unauthorized access to electronically stored records, authentication by electronic signature keys and systems maintenance. The electronic health record system must automatically record and preserve changes to or deletions of electronically stored health information and must include, among other things, the identity of the person who accessed the information and the change that was made. Original hard copies of patient records may be destroyed once the record has been electronically stored. The printout of the computerized version will be considered the original. Staff should sign onto the system only with their unique username and password.


The federal government, through the American Reinvestment and Recovery Act, offers incentive programs for providers who treat patients under Medicare or Medicaid and adopt paperless record keeping. The incentives are allocated on a sliding scale depending on when the paperless system was adopted; early adopters receive the highest payments. Details on the incentives can be found at cms.gov/EHRIncentivePrograms. If a dentist providing services through Medicare had not adopted a paperless system by 2015, Medicare reimbursement rates were set to decrease by small percentages every year thereafter. Dentists who provide services through Medicaid and plan to adopt, implement or upgrade paperless record keeping may be entitled to 85 percent of associated costs, up to $63,750 during a six-year period. Thirty percent of the patients seen during any 90-day period in a calendar year must be Medicaid patients for the dentist to qualify for the incentive. Dentists who provide care to both Medicare and Medicaid patients must choose one incentive plan; they cannot receive both.

Sensitive Patient Concerns148. Am I required to provide a sign language interpreter for my hearing-impaired patient? The Americans With Disabilities Act (AwDA) defines a dental office as a place of public accommodation. Therefore, dental offices cannot discriminate against individuals with disabilities by refusing treatment because of their disabilities or by charging more for accommodating their disabilities. The AwDA requires dentists to take reasonable measures to provide disabled individuals with access to dental treatment.

You can communicate with a deaf or hearing-impaired patient in a variety of ways. For example, use written notes, pictures or models to discuss the patient’s condition and recommended treatment. Office computers are also useful in conversing with a hearing-impaired patient. Some hearing-impaired individuals are very adept at reading lips and prefer to be spoken to. The best approach may be to let the patient indicate the form of communication he or she prefers. There may be times when using a sign language interpreter is appropriate, for example, when providing complex or extensive information in order to obtain informed consent for a procedure that carries significant risk.

149. How do I find a sign language interpreter?It is important that an interpreter accurately conveys what both doctor and patient wish to communicate. Some dental benefit plans and Denti-Cal offer interpreters for their beneficiaries. The local health department may be able to direct you to an organization that offers interpretation services. You can also contact the local hospital, as they typically have interpreters available. Local colleges are additional good resources for referrals to interpreters. You can find a list of agencies that assist in locating sign language interpreters on cda.org/practicesupport.

150. Who pays for the sign language interpreter?You may not have to hire an interpreter. A member of the patient’s family may be able to interpret or a service organization in your community might provide an interpreter at no cost. If no other resource is available and the patient is unable to communicate and understand by any method other than sign language, you may have to hire an interpreter. Under the AwDA, you would have to pay the cost of the interpreter and could not pass the cost on to the patient as a supplemental charge or increased fee for dental treatment. Should you determine that an interpreter is not required, the hearing-impaired person can file a complaint, and you must be prepared to justify your decision. A professional interpreter may be needed for increased patient confidentiality and/or to explain complex procedures.



151. Must I provide a foreign language interpreter?State law requires California health plans to provide services, materials and information to enrollees in a language they speak and understand. State regulations require health plans and insurers, including dental benefit plans, to develop and implement their own language assistance program. In addition to language assistance, health plans must translate such items as standard letters and notices of insurance eligibility and membership requirements; notices of denial, reduction, modification or termination of services and benefits and notices of the right to file grievances or appeals. While a patient scheduling an appointment may indicate that he or she requires an interpreter, it is the responsibility of the dental plan to provide that interpreter.

A dental practice that receives payments from certain types of government programs, such as Denti-Cal, Healthy Families, Medicare Advantage or electronic health records incentive (“meaningful use”), has an obligation to provide assistance to individuals with limited English proficiency (LEP) under Section 1557 of the Affordable Care Act. Section 1557 rules protect individuals from discrimination in health care based on race, color, national origin, age, disability and sex, including discrimination based on pregnancy, gender identity and sex stereotyping. (Note that accepting reimbursement under Medicare Part B does not require a dental practice to comply with Section 1557.)

The practice is obliged to ensure effective communication with all individuals with which it communicates, including a patient’s family or friend when it is appropriate. Language assistance services for individuals with LEP can include in-person or remote interpretation, as well as written translations of documents by translators. Such services must be provided free of charge, be accurate and timely and must protect the privacy and independence of the individual with LEP. The Office of Civil Rights within the U.S. Department of Health and Human Services enforces the rules.

152. How can staff determine whether a patient’s dog is a legitimate service animal? And are ani-mals that are being trained to be service animals allowed the same access as a service animal?A service animal should be on a leash and identified as a service animal by a tag issued by the county clerk, animal control department or other authorized agency. Staff may ask the patient if an animal is required because of a disability and for the patient to identify what task the animal is trained to perform. Staff may not ask about the extent of the individual’s disability or for documentation of the service animal’s training.

An individual who is licensed or otherwise authorized to train service animals has a right to be accompanied by an animal in training in public places without having to pay an extra charge or security deposit. The owner of a service animal or service animal in training is liable for any damage to property or injury to individuals the animal causes. Service animals are addressed in California law under Civil Code §§ 54.1 through 54.7. For more questions and answers on service dogs, see the U.S. Department of Justice website: ada.gov/qasrvc.htm.

153. Must I treat patients with HIV, HCV or other infectious diseases?A number of civil rights laws prohibit unwarranted discrimination against persons with infectious diseases. At the federal level, these laws are the AwDA and the Rehabilitation Act. Under the AwDA, a person is considered to have a disability if she or he has a physical or mental impairment that substantially limits a major life activity (such as breathing, walking, working, etc.), has a record of such an impairment or is perceived as having such an impairment. Accordingly, most courts are likely to treat HIV/AIDS, hepatitis and TB as both infectious diseases and disabilities for legal purposes.

In California it is a violation of the Unruh Civil Rights Act to refuse to treat a person who is HIV-positive.

Dentists should establish an office environment in which infected patients trust that they can be truthful about their medical condition and that this information will be kept confidential.

https://www.ada.gov/archive/qasrvc.htm


Dentists do not have the right to require disclosure of infectious diseases in order to refuse treatment based on a patient’s existing condition. These patients are likely protected by the AwDA. Further, standard infection control precautions, which assume that all patients are infectious, should be in place at all times in the dental office.

154. My patient is upset that I asked about his HIV status. Isn’t that something I should know?Yes, but an individual can be hypersensitive to the HIV status question for various reasons. For example, the patient may be aware that information about HIV status is protected and may be concerned with how a dental practice uses the information. Explain to the patient that various medicines can affect oral health and that in order to ensure optimum care, a dentist must know much about the patient’s health. Also let the patient know that failure to ask the question may be considered practicing below the standard of care. If required you may also inform the patient about the means you will use to protect the confidentiality of that information as required by law and that this status will not affect your willingness to provide treatment for their condition.

155. The patient wants to know my HIV status and that of my staff — do I have to provide the information? It depends on the type of procedure the patient is undergoing. Some courts have found that certain HIV-infected health care providers who undertake invasive procedures pose a direct threat of transmission that cannot be reduced to an acceptable level through the use of universal precautions. Accordingly, those courts have held that a provider’s practice could be restricted and/or that the provider must inform patients of his or her status; in other words, that the patient’s interest in knowing the HIV status of his or her health care providers supersedes an individual health care worker’s right to privacy.

There is no California appellate court ruling at this time mandating that health care providers disclose their HIV status to a patient. Notwithstanding, if an HIV-positive dentist sustained a cut that caused transmission of body fluids to a patient and the patient became HIV-positive, a court would likely rule that the patient could state a cause of action for the dentist’s negligent failure to warn patients of the HIV status. One California court has ruled that a physician who fails to inform a patient of a positive HIV test result could be liable to that patient’s sexual partner who became HIV-positive following sexual contact with the patient. The court ruled that the physician’s failure to warn presented a foreseeable risk of harm and thus was actionable.

Currently, there is no scientific evidence to indicate that HIV-infected health care providers pose an identifiable risk of HIV transmission to their patients. The ADA strongly affirms that universal precautions are an effective and adequate means of preventing transmission of HIV from dental health care workers to patient and from patient to dental health care worker.

156. Is obesity considered a disability? What is the best way to manage an obese patient?In some court cases, patients who are obese have been considered disabled. Although obesity is a medically defined condition, the courts are still working through various issues, such as level of obesity and whether it is caused by another medical issue, to establish a clear path to determining when a patient’s obesity allows protections under the Americans With Disabilities Act and other antidiscriminatory laws. The trend in legal cases appears to lean toward treating obesity as a disability. In California, San Francisco and Santa Cruz ban discrimination of obese individuals.

Dental staff in general are concerned about managing a morbidly obese patient who can potentially damage a dental chair. A dental practice should not turn away an obese patient without evaluating whether the patient can be accommodated. Find out the maximum load the chair can take. If maximum load is less than what the patient weighs, is there something that can be added to the chair that will increase capacity? Discuss this with the manufacturer’s representative. The expense need not be excessive and the practice is not required to purchase a new chair. Can a different chair, not a dental unit chair, be used? Take steps to ensure the patient can be safely treated in the substitute chair.


157. How do I handle a drug-seeking patient?Dental offices can be the target of individuals looking for an easy prescription for controlled substances. For this reason, limit issuing prescriptions to patients of record. Many times, a patient will call and ask for a prescription. Have a method in place to determine whether a caller is a patient of record. If you are taking calls for a colleague, determine how you can confirm whether a caller really is your colleague’s patient. If the caller is not a patient of record of your practice or of your colleague’s, you must use your professional judgment in determining whether to provide a prescription. If a caller states that he or she is in severe pain and needs medication, suggest meeting at your office or an emergency room to conduct an exam. Callers looking for a quick prescription will almost always decline an exam. In all instances, when someone calls to request a prescription, record the details of the contact and subsequent action.

If you have a DEA number, you must register to access Controlled Substance Utilization Review and Evaluation System (CURES) the state’s prescription drug monitoring program, which offers real-time access to its database of patient controlled substance history. The information is intended to assist you, the prescriber, in making the decision to prescribe and to reduce prescription drug abuse. More information on the program and a link to the electronic application can be found on the CURES site: oag.ca.gov/cures-pdmp. Dissemination or distribution of the controlled substance history information to anyone other than the registered user is prohibited. HIPAA and all confidentiality and disclosure provisions of state law cover the information contained in the database. All users of the information must comply with state and federal health information privacy laws.

158. Am I obligated to report signs of abuse or neglect upon examination of a child or elderly patient? What do I do if I see indications of domestic violence?Dental professionals are in an excellent position to recognize such abuse. Even when victims of violence avoid seeking medical attention, they will often keep routine and emergency dental appointments. As mandated reporters in California, dental professionals have a responsibility to report suspected child abuse and neglect, elder abuse and neglect and do-mestic violence where physical assault has occurred. Dentists, registered dental hygienists and registered dental assistants can be the first line of defense for an abuse victim and may improve the victim’s chances of obtaining assistance. A child is defined as such through the age of 18. An elder is defined as a person 65 and older. People with special disabilities at any age are also protected.

Confidentiality. When a report is made, your identity is kept confidential within the state offices involved in the reporting process. If a case should go to court, your identity would be made known to the court through your written report and documentation or if you were required to testify. You should be aware that the majority of cases never reach the courts, as the Department of Social Services attempts to rectify most occurrences in a variety of ways. If a case does go to court, your appearance may not be required, as the court uses your written report and documentation to substantiate the case. If you are required to testify, the court gives weight to your testimony, as you are the mandated reporter who initiated the report, using professional judgment.

Immunity. A mandated reporter is immune from civil or criminal liability when filing a report, whether or not it turns out that abuse has occurred. However, this does not mean that he or she cannot be sued. An individual can sue anyone. So the possibility does exist that a disgruntled parent or guardian might sue a mandated reporter. Even though the reporter will be found not guilty of any wrongdoing, he or she will have to mount a defense in court and pay for legal counsel. If a mandated reporter who reports child abuse/neglect is sued, the reporter can petition the state for up to $50,000 in compensatory legal fees. Other dental personnel may report abuse and neglect but are not required to do so under the law.

https://oag.ca.gov/cures


Penalties for not reporting. If a dental professional examines a child, suspects abuse, but does not report it and abuse is discovered to have occurred, that professional may be liable for civil or criminal prosecution, which can result in a fine of $1,000 and/or jail term of up to six months.

Additional information and resources can be found in the CDA Practice Support resource State Mandated Reporting, available on cda.org/practicesupport.

159. My patient is involved in a lawsuit. Do I have to testify? Doesn’t the dentist-patient privilege help me avoid this?Yes, you must testify as a witness to your treatment if you have been subpoenaed. You are not obliged to provide opinion testimony as an expert witness against your wishes even if you are subpoenaed. A patient waives the dentist-patient privilege by filing a lawsuit or claim related to dental treatment, whether you or another practitioner provided that treatment. Once the patient places his or her condition “at issue” in the lawsuit, the law presumes that the patient has waived all confidentiality regarding that condition. By filing a lawsuit alleging dental injuries, the patient implies authorization for the dentist to disclose all relevant information related to the treatment in question in a deposition or court testimony.

160. I have a long-time patient who in the last year has become increasingly forgetful. I am unaware of any family or close friends involved in his care. With whom may I discuss my concerns about the patient’s cognitive health? I am concerned not only about the patient’s well-being but also my liability if there is a question as to the patient’s consent to treatment.If the patient has provided you with the name of his physician, you may contact the physician to discuss your concerns. It may be that the physician is aware of the patient’s situation and is able to share information with you. Also consider asking the patient if there is anyone with whom you may speak regarding his care, for example, if your office is unable to contact the patient. Finally, if you believe the patient’s cognitive health is so far diminished that the patient is unable to safely care for himself, contact your county’s conservator office.

161. My minor patient is pregnant and I don’t think her parent knows. Can I tell the parent? While you may feel an obligation to tell her parent, your obligation is actually to keep the information confidential. Under state law (California Family Code §6925), a minor may consent to medical care related to prevention or treatment of a pregnancy. With the right to consent comes the right to privacy, and a health care provider is not permitted to inform a parent or guardian of a minor’s pregnancy without the minor’s consent. (California Health and Safety Code §§123110(a), 123115(a); California Civil Code §§56.10, 56.11)

Be sure you let the minor know that the information she has provided is confidential and will not be disclosed without her authorization. Also inform all staff not to discuss confidential information, even with one another, unless it is related to treatment. If another patient overheard your staff discussing a minor’s pregnancy and chose to tell the minor’s parents, your practice would be responsible for the breach in confidentiality.



Terminating the Relationship 162. I’m closing my practice — when and how do I tell my patients? All patients seen within the last two years should be told of your withdrawal from practice. If you are leaving the practice of dentistry and no one is assuming responsibility for the provision of emergency care, send written notification to your patients in sufficient time before closing your practice to allow them to secure the services of another dentist and to have dental records copied and forwarded. A copy of the letter should be placed in the patient’s chart. As a second notification, but not in place of the personal letter, you can also add notices to invoices and post signs in the office.

The letter should fulfill the following objectives:

• Advise patients of the importance of continued care, especially when treatment is in the temporary or provisional stages. • Assist patients in finding alternative care by referring them to at least two dentists and/or the local dental society. Include phone numbers. In the case of a sale, the buyer should review the notification letter for compliance with the terms of the sales contract. • State your termination date, including the last day you will be available for emergency care. • Add a separate authorization form for patients to allow release of their records to a new dentist. • Give the name, address and phone number of the location where copies of dental records can be obtained after the termination date.

You are required to give reasonable notice of the discontinuation of your treatment and provide the patient information as to how to obtain a new dentist to take over their care, which can include a specific referral or a general referral to a dental society patient referral number. It is preferable to give 60 days’ notice prior to your withdrawal from practice. (It is presumed that in cases of unexpected death or permanent disability of the dentist, when 60 days’ notice is not possible, patients will be seen in the office by a temporary replacement.) However, the amount of time a patient requires to find another dentist will vary according to the patient’s condition and the availability of alternative sources of care in the area. Thirty days is the minimum time one should allow. You must be prepared to provide emergency care to a patient for a reasonable time after you provide them notice of your planned office closure. If your dental practice is sold, you do not normally need to provide substantial notice of your retirement. No significant lead time is required upon sale of a dental practice as long as the purchasing dentist can perform emergency dental care.

If you are discontinuing your practice without another dentist purchasing the practice, you need to notify all your patients, and you should consider placing a notice in the local newspaper for at least two consecutive weeks. Include information about how and where patients can obtain copies of their dental records. You must ensure that either you or another person will maintain your patient records for at least seven years following the closing of your practice.

163. What are my obligations to my patients when I sell my practice?It is the seller’s obligation to inform all appropriate parties of the sale and to ensure that continuing obligations of the owner are terminated.

To prevent claims of abandonment and to assist in the transfer of goodwill from seller to buyer, the parties should mutually agree on a letter to be sent to the practice’s active patients, introducing the buyer and affirming the buyer’s availability to satisfy their dental needs. To allow transfer of records from seller to buyer, it is advisable to have patients sign a records release form. The seller should either return the completed forms to the buyer or require that the buyer assume custodial responsibility, including storage of inactive patient charts, which should be held offsite. The seller must also identify and schedule completion of treatment of all patients who have work in progress.


164. How do I dismiss a patient from the practice?To reduce your risk of liability and avoid a claim of abandonment, it is advisable not to withdraw from providing care if you are in the middle of treatment. Once treatment is complete, any factors that you believe are compromising a successful doctor/patient relationship are sufficient grounds for dismissal. Withdraw from care by notifying the patient in writing.

When you do so:

• Allow a reasonable amount of time for the patient to find another dentist; e.g., 30, 60 or 90 days (the circumstances for each patient will differ based on treatment status, ability to pay for treatment, access to care and geographical proximity of the patient to another dentist).• Indicate the exact date on which you will no longer be available for emergency care.• Give two viable referrals, such as the local dental society, two other practitioners or a managed care plan.• Enclose a form authorizing release of dental records with instructions for the patient to sign and return it to the dental office.

Remember that withdrawing from care should be done in writing and only after the patient’s treatment is complete to avoid claims of abandonment.