They’re ba-aaack! Stay on top of all OSHA and HIPAA regulations this year, or they’re bound to take a toll on your team.

DENTISTS HAVE ENOUGH to do: build their practice, hone their craft, master new technology, manage their team . . . and, as 2019 rounds into the second quarter, make sure—shudder—that they’re fully up to speed with the two-headed monster known as mandatory OSHA and HIPAA updates.

Tempted to ignore them? That’s understandable, but don’t. Doing so will wreak havoc on many a procrastinating practitioner. These mandates are often dismissed and frequently misunderstood. Don’t let an impromptu audit catch you off-guard—armor up! Any inspector who comes knocking in 2019 will be looking for these two compliance pitfalls above all:

  1. Failure to achieve hospital-grade disinfection. Have you set up these intensified protocols yet? What about the required training of your employees? Many practitioners aren’t even aware of this major OSHA/Centers for Disease Control update. For the last decade, the CDC has been watching dental-practice infection-control protocols, and they report “breakdowns in basic infection-prevention procedures includ[ing] unsafe injection practices, failure to heat-sterilize dental handpieces between each patient and failure to properly monitor heat sterilizers.” (A free document download, “Summary of Infection Prevention Practices in Dental Settings,” is available for free download at It makes for sobering reading.)

That’s only the first step in this process, though. The full OSHA/HIPAA remedy for this year entails doing the following:

  • printing, studying and implementing the CDC’s directives;
  • training all your employees on these protocols;
  • and implementing all protocols.
  1. Failure to complete a HIPAA Risk Assessment Report. What is this, and why does your practice need to complete one every year?

HIPAA requirements got a major update in 2013 with the release of the HIPAA Omnibus Rules. These 580 pages of holy writ should by now be fully implemented within your practice. Protocols include meeting current HIPAA configuration standards for computers, internet, emails, faxes, texts, patient correspondence, patient check-in and checkout, business-vendor confidentiality agreements, unique computer and alarm entry passwords for employees and more. In addition, every one of your team members should be taking a HIPAA Omnibus Rules Training Course annually to stay on top of all updates.

The Risk Assessment Report is a set of 120 to 150 government questions that test the “soundness” of your current HIPAA protocols. An auditor will want to see this first above all else. You can get a free Risk Assessment Report template at The bad (or worse) news: The template can take between 20 and 40 hours to complete. IT techs or medical-data backup companies can create it for you, but the cost averages around $2,000 a year.

There are easier and less time-consuming options available, however. Do an online search for quick, affordable HIPAA Risk Assessment Reports. Better still, contact my company, Dental Enhancements, anytime for a free compliance consultation. Staying up to date on these regulations can be a pain. Failure to do so is far more painful still. •

JILL OBROCHTA is the Florida-based founder of Dental Enhancements, an OSHA and HIPAA solutions company. She offers no-obligation consultations and can be reached anytime at 941-587-2864 or