HIPAA Notice of Privacy Practices for Dental Practices

Dental practices — solo dentists, group practices, and DSO-affiliated offices — must provide a HIPAA Notice of Privacy Practices to every patient. Generate one in minutes.

Why dental practices need an NPP

Every patient who receives dental services from a HIPAA covered dental practice is entitled to a Notice of Privacy Practices at their first visit. HIPAA applies the moment your practice submits any standard electronic transaction — most commonly an insurance claim. Cash-only practices may not be covered entities, but the line is narrow.

Solo dentist vs. group vs. DSO-affiliated

Solo practice: you are the covered entity; your practice publishes the NPP.

Group practice: the practice entity (P.C., P.L.L.C., or similar) is the covered entity; a single NPP covers all dentists who practice there.

DSO-affiliated: the clinical P.C. is the covered entity. The DSO management company is typically a business associate that provides administrative services. The clinical entity issues the NPP; the DSO signs a BAA with the clinical entity.

Distribution for dental practices

• At first visit: provide the NPP; obtain written acknowledgment
• Waiting room: post a copy in a prominent place
• Website: post the NPP on your practice website
• On request: provide a paper copy to any individual who asks

Common business associates for dental practices

These vendors process PHI on your behalf and require a Business Associate Agreement (separate from your NPP): practice management software, dental imaging/PACS providers, cloud backup services, claims clearinghouses, IT support, billing services, and appointment reminder platforms. Your NPP tells patients about this category of disclosure in the "uses and disclosures for operations" section.

Not sure if your practice needs an NPP? Find out in 30 seconds →