ADA emphasizes regulatory alignment with HIPAA, scalability for small providers
Protecting sensitive personal information is critical to patient trust
The ADA is emphasizing the need for regulatory alignment with the Health Insurance Portability and Accountability Act, scalability for small providers and the importance of education and voluntary compliance tools in improving cybersecurity readiness.
This is in a response to the House Energy and Commerce Committee’s request for information. The response provides input to the committee’s Privacy Working Group on federal comprehensive data privacy and security policy. Protecting sensitive personal information is critical to patient trust and high-quality care, according to the March 26 ADA letter, which outlines key principles for a comprehensive framework that supports patient privacy while also recognizing the operational realities of dental practices.
“As representatives of the dental profession, we recognize the importance of safeguarding data while ensuring that new regulatory requirements are practical, scalable and aligned with existing health privacy laws such as the Health Insurance Portability and Accountability Act,” reads the letter, which is signed by ADA President Brett Kessler, D.D.S., and Interim Executive Director Elizabeth Shapiro, D.D.S., J.D.
In the letter, Drs. Kessler and Shapiro said regulation should encourage proactive engagement in the adoption of cybersecurity tools and best practice, noting that dental practices primarily function as covered entities under HIPAA and should not be subjected to “duplicative or overly burdensome regulations.”
They also said current requirements for business associates fall short of ensuring regulatory compliance and shift the burden to small businesses, advocating for a safe harbor for small companies if a security breach results from a business associate’s failure to adhere to regulations and best practices. Additionally, they called for a federal comprehensive privacy law to consolidate resources and provide a singular authority, stating that the current environment is too complex for many regulated entities to track.
Regarding data security, the ADA leaders recommended beginning with a focus on education, not enforcement, for the time being, adding that new regulations and provisions for privacy and security should be staggered. Finally, when it comes to accountability and enforcement, the ADA leaders said audits and compliance testing should be used for assessing effectiveness, “allowing entities to resolve outstanding issues and improve their policies without costly enforcement actions unless there is a failure to remediate ongoing system issues.”
“The ADA appreciates the opportunity to contribute to this critical discussion on federal data privacy and security. We encourage the Privacy Working Group to adopt a balanced, risk-based approach that both safeguards patient data and allows dental practices to operate effectively,” Drs. Kessler and Shapiro wrote. “The ADA looks forward to continued engagement on this issue and welcomes further collaboration. We stand ready to provide additional insights or participate in stakeholder discussions to help shape a practical, effective regulatory framework.”
Follow all the ADA’s advocacy efforts at ADA.org/Advocacy.
