Compliance categories include OSHA, HIPAA, Infection Control, Fraud & Abuse, and Dental Radiation

The questions are grouped by major categories and then sub groups under those categories. You can look through the list of groups and sub groups or inquire using the drop down box below.

Click on the question to see the answer.



Radiation FAQ’s

Infection Control FAQ’s


HIPAA: Workers Compensation

My State law says I may provide information regarding an injured workers’ previous condition, which is not directly related to the claim for compensation, to an employer or insurer if I obtain the workers’ written release. Am I permitted to make this disclosure under the HIPAA Privacy Rule?

Does an individual have a right under the HIPAA Privacy Rule to restrict the protected health information his or her health care provider discloses for workers’ compensation purposes?

HIPAA: Personal Representatives

When an individual reaches the age of majority or becomes emancipated, who controls the protected health information concerning health care services rendered while the individual was an unemancipated minor?

How does a covered entity identify an individual’s personal representative?

May adults who are not of sound mind control their protected health information if they are able to authorize uses and disclosures of their protected health information?

Does a power of attorney given to a person for purposes other than health care, such as a power of attorney to close on real estate, authorize that person to access an individual’s health information as that individual’s personal representative?

How can family members of a deceased individual obtain the deceased individual’s protected health information that is relevant to their own health care?

HIPAA Compliance: Access & Denial of Access

When a patient requests copies of their records, we provide a copy of only those records generated by our practice. Is this allowed?

Can a practice refuse to provide copies of records to a patient if those records were received from another provider?

Are there HIPAA restrictions that prevent a medical office from releasing medical records to another office and/or the patient if they owe a balance? Our business office is proposing that they be notified when there's a request to transfer.

HIPAA Compliance: Breach

An employee left the practice and took patient names, patient addresses, and patient medical records with them without specific patient permission – Is this a Privacy Violation?

I have a breach that involves just one patient record. Do we have to report it to Health and Human Services?

When reporting a breach to HHS, we thought we understood that there was an alternative that the practice can post the breach on their website instead of reporting it to HHS and having it appear on their website……can you clarify when this alternative comes into play for the practice to exercise?

HIPAA Compliance: Release of PHI & Records

Must a covered health care provider obtain an individual’s authorization to use or disclose protected health information to an interpreter?

Can a caregiver from the nursing home/group home sign the acknowledgement of receipt for a patient that is unable to do so? There is often no family present and/or they have no paper work stating they have guardianship.

DOT requires drug testing of all applicants for employment in safety-sensitive positions and that employers must be notified in writing of positive alcohol and drug test results. Does this mean healthcare providers can release this information to employers without a patient authorization?

HIPAA Compliance: Business Associates

When a covered entity, such as a doctor, uses a certified Telecommunications Relay Service to contact patients with hearing or speech impairments, is the Relay Service a business associate of the doctor?

HIPAA Compliance: Encryption

Can we receive completed personal history information sent by patients through the email without setting up a secure or encrypted email system? Are we required to have email encryption?

HIPAA Compliance: Release & Use

Can thank you postcards be sent to patients or must they be enclosed in an envelope?

Can a physician’s office FAX patient medical information to another physician’s office?

Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patient’s authorization?

HIPAA Compliance: Marketing

Can our practice communicate new product and/or treatment information to patients?

HIPAA Compliance: Training

We have students from the local high school that from time to time will come in and observe what we do. How do we handle this for HIPAA?


If a practice revises their NPP, how must it be communicated to patients that were sent the previous version? Does it have to be mailed to each patient?


HIPAA Compliance: Minors

What are the applicable laws regarding access and control of PHI for minors?


OSHA: Cleaning Logs

How long (how many years) we have to keep room cleaning logs?

OSHA: Sharps Injuries

Does OSHA's definition for "contaminated sharp" include non-needle sharps such as blades and scalpels? If a facility used conventional blades and scalpels, and if safety-engineered options were commercially available, would healthcare facilities be required to use them?

We have an employee who was removing a blade from a blade handle and stuck her finger. Does it need to be reported? She does not want to do anything.

What is OSHA's position regarding the use of blood tube holders, specifically removing a needle in order to re-use a tube holder? Must each blood tube collection device be disposed of with the needle attached each time they are used?

OSHA: Personal Protective Equipment

We wear jackets while working on patients, but one day my hygienist wore a long sleeve shirt instead of a jacket. Does this count as barrier protection?

OSHA: Radiation

We currently use the badges to test the levels of radiation exposure in the office. We have recently switched to a digital system, which has less radiation than the previous standard x-ray system. Do we still need to use the radiation badges? Is there any regulation with OSHA about that?


Are electronic copies and access for MSDS compliant with OSHA standards?

OSHA: Regulations

Does the revised Bloodborne Pathogens Standard apply to medical or dental offices that have fewer than 10 employees?

Do I have to keep a sharps injury log? Does it have to be confidential?

What if a safer option is not available for the medical device that I use?

How many non-managerial employees do I need to include in the process of choosing safer medical devices?

What if I've never had an employee experience a needlestick, do I still need to use safer devices?

By what date do we have to implement safer medical devices?

Does the "Needlestick Act" apply to me?

How does the revision affect states that operate their own federally-approved occupational safety and health programs?

How does the "Needlestick Act" apply to OSHA's Bloodborne Pathogens Standard?

What is the Needlestick Safety and Prevention Act?

OSHA: Employee Training

Does this trainer need to physically be in the classroom or is it acceptable for the trainer to be contacted via phone, e-mail, etc. to answer any questions the students have during internet (electronic) training classes?

Does 1910.1030(g)(2)(viii) require that the person conducting bloodborne pathogens training be a health care professional?

OSHA: Hazard Communication

What is the definition of "corrosive materials" and the definition of "exposed to"?

When are eyewash and shower fixtures required?

OSHA: Engineered Safety Devices

What is OSHA's position regarding the use of blood tube holders, specifically removing a needle in order to re-use a tube holder? Must each blood tube collection device be disposed of with the needle attached each time they are used? Answer taken from an OSHA Interpretation letter.

OSHA: Hep B Documentation

When do we need to test our employees for TB? We have been testing them annually.

If an employer is unable to obtain copies of the actual records verifying an employee's HBV vaccination, is it required that employers provide a blood test to document hepatitis B immune status?

Some employees who have been previously vaccinated do not have copies of the vaccination records indicating the exact dates of vaccination. What type of record is sufficient to document an employee's hepatitis B immunization status under the bloodborne pathogens standard?

Radiation FAQ

Radiation: Dental X-Ray

I was told that lead apron shielding was not necessary for cephalometric or panoramic x-rays. Is this true?

Dental supply companies are now offering and advertising lead-free aprons. They all say the aprons are DIN or FDA approved. Does this mean dental clients can use these new technologies in place of the traditional lead vinyls?

We are installing eyewash stations in the dark rooms. However, several of our offices do not have sinks or space in the dark room to install an eyewash station. What are we to do for compliance since the squeeze bottles are no longer acceptable?

Are NC facilities required to post a radiation sign on or by each door where x-ray is performed or is one sign on a hallway of operatories sufficient?

Do you need to use aprons with digital x-rays?

Infection Control FAQ

Infection Control: Sterilization

How many years should we keep sterilization records and logs?

Do we have to document every load we run in each autoclave?

Can we use a household dishwasher to clean instruments utilized for procedures in our practice?

Infection Control: NC IC Law 0206

How often do we have to attend the employee training?

How will we know if we have to comply with this law?

Do we need to have one person in each location that has attended the Infection Control training?