You must be signed in to read the rest of this article.
Registration on CDEWorld is free. You may also login to CDEWorld with your DentalAegis.com account.
Business owners know they must protect their liability by complying with state and federal regulations that apply to their business. First, they must understand the regulations before they can develop programs to comply with the regulations. In some cases, the way that one business owner applies a regulation can also affect another business owner, such as between dentists and laboratories. In these situations, communication between businesses is imperative. Some of these regulations require the dental practice and the dental laboratory to collaborate on compliance.
This course will provide background information on some of the state and federal regulations that dental practices and dental laboratories must consider in the operation of their business. The focus will be on OSHA, FDA, UDI, EPA, Dental Practice Acts, Sunshine Act, Medical Device Tax, and HIPAA regulations.
Occupational Safety and Health Administration (OSHA)
The Occupational Safety and Health Administration was established in 1971.1 OSHA's standards now protect workers from all workplace hazards and require employers to develop health and safety programs applicable to the hazards in their workplaces.
The Hazard Communication Standard2 was developed to protect workers from hazardous chemicals. Asbestos was of primary concern in the 1970s and deaths of workers due to asbestos exposure was instrumental in the formation of OSHA and worker safety laws. There are many hazardous chemicals used in dentistry; therefore, dental practices and dental laboratories must train their employees on the hazards of the products used in the facility. This includes making Safety Data Sheets (SDS) available to workers and also ensuring that products are labeled to provide hazard warnings. The new SDS format and symbols/pictograms are a part of the 2012 update to the Hazard Communication Standard. Employers must train their workers upon hire and whenever a new chemical is introduced into the workplace.
The Bloodborne Pathogen Standard (BPS)3 went into effect in 1992 and established how workers are protected from exposure to potentially infectious items. The use of personal protective equipment (PPE) was not always an easy requirement to adapt to, but today dentists, dental staff, and dental technicians recognize how PPE protects them in their jobs.
With the BPS, employers must develop an Exposure Control Plan. Category I and Category II workers must be identified as well as the tasks that can expose workers to potentially infectious items. Category I workers in a dental practice include dentists, assistants, hygienists, and sterilization coordinators. In a dental laboratory, Category I tasks can include picking up cases from the dental offices, unpacking and disinfecting incoming work, grinding on clinically poured models, handling implant components, denture repairs, and relines. Now that chairside services have expanded what dental technicians can do, the dental laboratory and the dentist must assume responsibility for protection of these technicians.
The BPS requires employers to train employees upon hire and offer them the Hepatitis B vaccine if their job tasks can potentially expose them to infectious items. This offer must occur within 10 days of hire and is paid for by the employer. If the employee refuses the vaccine, then the employee must sign a Refusal. Should the employee change his/her mind later, then the employer must provide the vaccine. The Hepatitis B vaccination series is composed of three injections that must take place on a specific time schedule, ie, initial injection, the second injection one month later, and the third injection five months after the second injection. The Centers for Disease Control considers a titer test one to two months after the third injection to be a part of the vaccination series.4
The Food and Drug Administration (FDA)
The FDA's mission is to protect the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices. The FDA also ensures the safety of the nation's food supply, cosmetics, and products that emit radiation. In dentistry, the FDA regulates the drugs and medical devices that are used in patient treatment. Even items like tongue depressors and thermometers are classified by the FDA.
"Today, the FDA regulates $1 trillion worth of products a year. It ensures the safety of all food except for meat, poultry, and some egg products; ensures the safety and effectiveness of all drugs, biological products (including blood, vaccines, and tissues for transplantation), medical devices, and animal drugs and feed; and makes sure that cosmetics and medical and consumer products that emit radiation do no harm."5
Even though the medical devices and drugs used and prescribed by dentists must be cleared by the FDA, the FDA does not regulate a dental practice as long as its practice provides the professional services allowed by a licensed healthcare provider. On the other hand, the dental laboratory that manufactures, develops, and/or imports dental devices is regulated by the FDA and must comply with 21 CFR Part 820 Quality System Regulation and other FDA regulations applicable to labeling, recalls, Medical Device Reporting, and electronic signatures and records.
FDA Part 820 Quality System Regulation6 provides the guidelines for establishing Good Manufacturing Practices (GMPs). Dental laboratories must develop GMPs appropriate to their business model.
Dental laboratories also must register with the FDA if they:
• Manufacture classified devices such as sleep devices and snore guards
• Import from foreign manufacturers
• Repackage/relabel imported or classified devices
• Use technology to mill custom implant abutments
The registration fee in 2018 is $4,624. When registering, most establishments must list the devices that are made there and the activities that are performed on those devices.7 Some devices require premarket approval or notification before being marketed in the US, so the establishment should also provide the FDA premarket submission number (510(k), PMA, PDP, HDE).
The FDA also uses postmarket surveillance tools to monitor device performance. FDA reports that each year it receives several hundred thousand medical device reports of suspected device-associated deaths, serious injuries, and malfunctions. Medical Device Reporting (MDR) 21 CFR Part 8038 requires manufacturers, device user facilities, and importers to submit a report to the FDA if there has been a device-associated death, serious injury, or malfunction. The FDA then investigates to determine if the device should be recalled.
The public has access to the mandatory reports filed by manufacturers and importers plus voluntary reports from healthcare professionals, patients and consumers in the MAUDE database (Manufacturer and User Facility Device Experience).9
Unique Device Identification (UDI)
The FDA has established a system to identify medical devices through their distribution and use. It is the unique device identification system (UDI), 21 CFR §830.300.10 A dental laboratory that manufactures Class II devices must bear a UDI in human- and machine-readable form on the label and/or packaging according to 21 CFR §801.20.11 The dates on the labels must be formatted as required by 21 CFR §801.18.12 Device labelers must also submit certain information about each device to the FDA's Global Unique Device Identification Database (GUDID). The public can search and download information from the GUDID.
Environmental Protection Agency (EPA)
When storing and disposing of potentially infectious items, dental practices and dental laboratories must follow EPA-regulated waste requirements. Regulated waste that can be generated in a dental practice includes contaminated sharps such as needles, orthodontic wires, cotton rolls, gauze, gloves, and protective clothing. These items are considered to be biohazardous if they have not been decontaminated prior to disposal.
Each state has an agency that regulates this type of disposal. In the state of Georgia, for instance, contaminated items that weigh less than 100 pounds per month13 can be placed in a biohazard bag, then a regular black trash bag, and disposed of in regular trash. If the facility disposes of more than 100 pounds per month, that waste must be packaged in a biohazard bag of sufficient strength to contain the biohazardous items and then picked up by a licensed regulated waste hauler.
A dental laboratory receives impressions and other items that have been in a patient's mouth. These items must be presumed to be infectious; therefore, they are disinfected in the dental laboratory prior to handling in production areas.
There is also other regulated waste generated in dentistry that must be disposed of according to EPA regulations. Amalgam used in dental practices contains mercury; therefore, any extracted teeth and main traps that contain amalgam must be disposed of in a special container. Mercury must not be incinerated, so the special container will be processed through appropriate recycling methods by a licensed hazardous waste handler.14
State Boards of Dentistry
Each state regulates dentists in their state through an agency like the Board of Dentistry (the Board). The Board is an agency of the state government, is created by the state legislature, and governs the qualifications for and the practice of dentistry within the state. The Board's authority in each state usually has responsibility for:
• Determining licensure qualifications
• Issuing licenses to qualified individuals
• Establishing standards of practice and conduct
• Taking disciplinary action against misconduct
• Promulgating rules to enable the Board to perform its duties
This is also where a dental laboratory would view the requirements placed on it in regard to licensure, credentialing, material disclosures, and other information that the laboratory must provide to the dental clients in that state. Some Boards require the dental laboratory to be registered to accept work authorizations from dentists. Texas,15 South Carolina,16 Florida,17 Kentucky,18 and Minnesota19are some of the states that have registration requirements. A dental laboratory that is not located in a state that requires registration may or may not be required to be registered. Florida and Minnesota are examples of states in which dental laboratories must be registered. However, dental laboratories outside the state manufacturing dental devices for dentists located in Florida and Minnesota are not required to register.
Some of the rules established by state Boards could regard:
• Contents of the work authorization or prescription provided by the dentist to the dental laboratory
• Dentist's license number: Good practice for dental laboratory to verify the status of the license and re-verify perhaps annually to ensure license is active
• The retention period for the work authorization
• Patient identification in a denture
• Disclosure of materials, country of origin, and use of a subcontractor
• Legality of chairside services
• Signature of the dentist. With the use of digital prescriptions, the dental laboratory needs to ensure that the state requirements of having a signature is also met. Many of the state Boards have not kept up with new technology, therefore electronic signatures are not covered. The state of Ohio for instance still states in the dental practice act that the signature must be in ink.20
Dental laboratories must comply with the rules in the states where they do business for the protection of their own liability and the liability of their dental clients.
Sunshine Act
Healthcare product and device manufacturers are required to publicly disclose "transfers of value" (TOV) such as gifts, meals, consulting fees, etc. This requirement is generally referred to as the Sunshine Act and does apply to dentistry.
The Government in the Sunshine Act (Pub.L. 94-409, 90 Stat. 1241, enacted September 13, 1976, 5 U.S.C. § 552b) is a US law that affects the operations of the federal government, Congress, federal commissions, and other legally constituted federal bodies.
The Physician Payments Sunshine Act (PPSA),21 also known as section 6002 of the Affordable Care Act (ACA) of 2010,22 requires US manufacturers of drugs, biological products, medical supplies, and medical devices covered under Medicare, Medicaid, or Children's Health Insurance Program (CHIP)23 to annually report TOV to the Secretary of the Department of Health and Human Services. The purpose is to provide greater transparency in their relationship to life sciences companies and to act as a deterrent to questionable conduct and conflicts of interest.
Medical devices that have a product code with FDA and are paid for by Medicare, Medicaid, or SCHIP are covered. In dentistry, an example would be a sleep appliance which has a product code LRK or LQZ. If a laboratory wants a doctor to promote their sleep appliance and the laboratory provides something of value to the dentist to promote the sleep appliance, then that would be reportable.
Medical Device Tax
Section 4191 of the Internal Revenue Code24 imposes an excise tax on the sale of certain medical devices by the manufacturer or importer of the device. The medical device must have an FDA product code. Therefore, very few products sold by a dental laboratory to a dentist would meet this criteria. Sleep appliances, sequential aligners, and all imported finished devices are examples of dental products that would meet this requirement. Currently, there is a moratorium on the tax. The tax is planned to go into effect on January 1, 2020.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA25 was passed in 1996 but it has undergone many updates since then. Congress passed this law to provide for standards for electronic healthcare transactions and code sets. This resulted in better privacy protections for patient health information. This rule has been strengthened with the 2009 HITECH ACT that required Breach Notification and other enhancements to foster public confidence in the retention of their private information by healthcare providers. In 2013, the rule was updated to enhance compliance and changed the content that must be included in the Notice of Privacy Practices that is provided to patients. The General Provisions and standards for Security Standards, Breach Notification, and Privacy can be found in 45 CFR 164.26
Dental practices must develop and implement privacy practices and security practices to protect the confidentiality, integrity, and availability of Protected Health Information (PHI). HIPAA refers to these entities as a "Covered Entity." The dental practice may provide PHI to others outside of the practice as long as that entity or person has a need-to-know that information. It's not uncommon for dental practices to disclose PHI for the purpose of billing, document storage, disposal such as shredding and recycling, and fee collections. These entities are referred to as Business Associates and must enter into written Business Associate Agreements with the Covered Entity.
The dental practice can also communicate and provide PHI to other healthcare providers. These entities are involved in patient treatment planning, therefore, are not considered a Covered Entity. In March 2017 the American Dental Association received reaffirmation from the US Health and Human Services Office for Civil Rights (OCR) that a dental laboratory meets HIPAA's definition of a "healthcare provider." This means that the dental laboratory does not have to enter into a Business Associate agreement with the dental practice unless it provides "other (nontreatment) services or functions on behalf of the provider that fall within the definition of business associate and require access to protected health information," the OCR notes.27
Conclusion
There are other regulations that apply to dentistry; this course provides an explanation of some of the major requirements that affect the relationship between dental practices and dental laboratories. The collaboration between dental practices and dental laboratories continues to expand due to technology, so communication is important as it relates to the laws and rules covered in this course.
About the Author
Mary A. Borg-Bartlett
President
SafeLink Consulting, Inc.
References
1. Timeline of OSHA's 40 Year History. United States Department of Labor Web site. Available at: https://www.osha.gov/osha40/timeline.html. Accessed October 17, 2017.
2. Hazard Communication Standard. Occupational Safety and Health Administration Web site. Available at: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=standards&p_id=10099. Accessed October 17, 2017.
3. Bloodborne Pathogen Standard. Occupational Safety and Health Administration Web site. Available at: www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=standards&p_id=10051. Accessed October 17, 2017.
4. Guidelines for Infection Control in Dental Health-Care Settings (2003). Centers for Disease Control Web site. Available at: https://www.cdc.gov/mmwr/preview/mmwrhtml/rr5217a1.htm. Accessed October 17, 2017.
5. Laws Enforced by FDA. U.S. Food and Drug Administration Web site. Available at: https://www.fda.gov/RegulatoryInformation/LawsEnforcedbyFDA/default.htm. Accessed October 17, 2017.
6. Quality System Regulation. Code of Federal Regulations Title 21, Part 820. Available at: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=820. Accessed October 17, 2017.
7. Device Registration and Listing. U.S. Food and Drug Administration Web site. Available at: https://www.fda.gov/medicaldevices/deviceregulationandguidance/howtomarketyourdevice/registrationandlisting/default.htm. Accessed October 17, 2017.
8. Medical Device Reporting. U.S. Food and Drug Administration Web site. Available at: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=803. Accessed October 17, 2017.
9. MAUDE Database. U.S. Food and Drug Administration Web site. Available at: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/search.CFM. Accessed October 17, 2017.
10. Code of Federal Regulations Title 21 Part830.300. U.S. Food and Drug Administration Web site. Available at: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfCFR/CFRSearch.cfm?fr=830.300. Accessed October 17, 2017.
11. Code of Federal Regulations Title 21 Part801.20. U.S. Food and Drug Administration Web site. Available at: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=801.20. Accessed October 17, 2017.
12. Code of Federal Regulations Title 21 Part801.18: U.S. Food and Drug Administration Web site. Available at: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=801.18. Accessed October 17, 2017.
13. Rules of Georgia Department of Natural Resources Environmental Protection Division, 391-3-4-.16. http://rules.sos.ga.gov/gac/391-3-16. Accessed October 17, 2017.
14. Mercury in Dental Amalgam. U.S. Environmental Protection Agency. Available at: https://www.epa.gov/mercury/mercury-dental-amalgam. Accessed October 17, 2017.
15. Dental Labs & Mobile Facilities. Texas State Board of Dental Examiners Web site. Available at: http://www.tsbde.texas.gov/DentalLabsandMobileFacilitiesMenu.html. Accessed October 17, 2017.
16. Code of Laws, Title 4, Section 40-15-125. South Carolina Legislature Web site. Available at: http://www.scstatehouse.gov/code/t40c015.php. Accessed October 17, 2017.
17. Dental Laboratory. Florida Board of Dentistry Web site. Available at: http://floridasdentistry.gov/licensing/dental-laboratory. Accessed October 17, 2017.
18. Dental Laboratories. Kentucky Board of Dentistry Web site. Available at: https://dentistry.ky.gov/Dental-Laboratories/Pages/default.aspx. Accessed October 17, 2017.
19. Dental Laboratories. Minnesota Legislature Web site. Available at: http://www.house.leg.state.mn.us/comm/minls87/S0288DE2.htm. Accessed October 17, 2017.
20. State Dental Boards. American Dental Association Web site. Available at: https://www.ada.org/en/education-careers/licensure/licensure-dental-students/state-dental-boards. Accessed October 17, 2017.
21. Physicians and Teaching Hospitals. Centers for Medicare & Medicaid Services Web site. Available at: https://www.cms.gov/OpenPayments/Program-Participants/Physicians-and-Teaching-Hospitals/Physicians-and-Teaching-Hospitals.html?gclid=CLTNqtO9zL8CFRJk7AodbXcA2Q. Accessed October 17, 2017.
22. About the Affordable Care Act. U.S. Department of Health & Human Services Web site. Available at: www.healthcare.gov/law/full/. Accessed October 17, 2017.
23. Children's Health Insurance Program (CHIP). Medicaid Web site. Available at: https://www.medicaid.gov/chip/index.html. Accessed October 17, 2017.
24. Medical Device Excise Tax: Frequently Asked Questions. Internal Revenue Service Web site. Available at: https://www.irs.gov/newsroom/medical-device-excise-tax-frequently-asked-questions. Accessed October 17, 2017.
25. Public Law 104-191: Health Insurance Portability and Accountability Act of 1996. U.S. Government Publishing Office Web site. Available at: https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html. Accessed October 17, 2017.
26. Security and Privacy. U.S. Department of Health & Human Services Web site. Available at: https://www.gpo.gov/fdsys/pkg/CFR-2011-title45-vol1/pdf/CFR-2011-title45-vol1-part164.pdf. Accessed October 17, 2017.
27. OCR responds to question about dental labs, business associate agreements. American Dental Association Web site. Available at: https://www.ada.org/en/publications/ada-news/2017-archive/march/ocr-responds-to-question-about-dental-labs-business-associate-agreements. Accessed October 17, 2017.