Myth vs. Fact: 5 Washington Dental Compliance Misconceptions — And Their Risks to Your Office
Managing compliance in your Washington dental office can feel complex and overwhelming. That’s why the Washington State Dental Association created ComplyBetter — an online, on-demand dental compliance service that gives dentists and teams the tools to easily and confidently meet HIPAA, OSHA/WISHA, infection control and bloodborne pathogens compliance requirements.
Whether you’re considering switching from a traditional compliance vendor or are new to using a dental compliance service, don’t mistake these myths for facts!
Myth #1
❌ "In Washington, compliance training must be live/in-person and cannot be online."
✅ Fact: Though some compliance providers may claim that training must be completed live or in person to be compliant in Washington, this is incorrect.
HIPAA: The HIPAA Privacy Rule (45 CFR § 164.530(b)) requires covered entities to train all workforce members on their own policies and procedures. Security awareness training is also required for all team members (including management) under (45 CFR § 164.308(a)(5)). Training must be provided upon hire, and retraining is required when policies or procedures change materially. Neither regulation mandates in-person delivery or specifies a required format.
Infection Control: The Washington State Department of Health explicitly states that annual infection control training may be completed online or in-person.
Bloodborne Pathogens: WAC 296-823-12005 requires bloodborne pathogens training to include an opportunity for questions, but this can be satisfied through email, online chat, or other interactive elements. The regulation does not require in-person delivery.
WISHA Safety Training: WAC 296-800-14020 requires employers to develop, supervise, implement, and enforce safety and health training programs that are effective in practice. The regulation does not mandate in-person delivery or specify a required format.
ComplyBetter offers high-quality online training to fully satisfy HIPAA, OSHA/WISHA, infection control and bloodborne pathogens compliance requirements for Washington dental offices.
In addition to interactive course elements, our expert compliance team is available to answer follow-up questions as part of the service provided with your membership.
ℹ️ What About BLS/CPR?
For licensed Washington dental professionals, WAC 246-817-720 requires that dental staff providing direct patient care hold a current health care provider-level BLS certification that includes both a didactic component and an in-person skills assessment. Because of the in-person skills assessment requirement, BLS/CPR training cannot be completed fully online.
However, BLS/CPR is a separate, stand-alone requirement from HIPAA, OSHA/WISHA, infection control or bloodborne pathogens. These compliance requirements can be satisfied online, separately from required BLS/CPR training.
BLS/CPR certification is tied to each clinician’s individual license renewal, so it is the responsibility of each licensed provider to maintain it.
As an employer, whether you provide BLS/CPR training in-office (and pay employees for their time) or expect team members to complete it on their own depends on your practice’s policies. If you arrange the training during work hours, wages must be paid. If employees complete it independently to keep their licenses current, that can be done outside of office time, so long as you maintain documentation for your office’s compliance records.
ComplyBetter’s Complete Guide to Dental Compliance checklist course helps dental offices understand and track third-party completion of this requirement.
Myth #2
❌ "I need annual on-site visits from a compliance vendor to be compliant."
✅ Fact: No Washington state regulation requires annual vendor visits. Requirements focus on documented training, written policies, and proper procedures — not who delivers them or where. “On-site compliance review” is a vendor service, not a regulatory requirement.
ComplyBetter gives you self-service online tools to maintain compliance year-round. Annual vendor visits are a choice, not a mandate.
Myth #3
❌ "I have to have a physical, printed OSHA/WISHA binder in my office."
✅ Fact: You are not required to have a physical OSHA/WISHA binder in your office. What you must do, according to WAC 296-800-140, is establish, supervise and enforce an accident prevention program (APP) that is effective in practice.
What does “effective in practice” mean, practically speaking? Regardless of format, to be OSHA/WISHA compliant, your APP should be:
Easily accessible and navigable for your entire team
Reviewed and updated at least annually and throughout the year whenever office policies or procedures change
Used to train all employees at least annually and throughout the year whenever office policies or procedures change
Used to train new hires upon hire
These requirements could be satisfied with printed materials, but only if those materials — and how you implement them in your office — meet all of the above.
ComplyBetter offers an improved alternative to a printed OSHA/WISHA binder. Our online platform:
Generates a customized OSHA/WISHA Accident Prevention Program tailored to your office’s specific needs.
Provides your office’s APP to each member of your team and trains them on your office-specific policies.
Automatically assigns online training to new employees that they can complete right away.
Keeps your office’s current APP easily accessible to the entire team in their ComplyBetter accounts.
Allows for easy, unlimited updates (at no extra cost!) annually and throughout the year with self-service document creation tools.
Myth #4
❌ "My office only needs to complete general HIPAA and OSHA/WISHA training each year to be compliant. I know we’re covered because we do this every year."
✅ Fact: In addition to general HIPAA and OSHA/WISHA training, you must also provide training on your office’s specific HIPAA Policies & Procedures and OSHA/WISHA Accident Prevention Program. If office policies or procedures change, you must update relevant plans and re-train your team to remain in compliance.
State and federal law also require multi-year training documentation.
HIPAA requires documentation of training to be maintained for 6 years.
Infection Control training documentation must be maintained for 5 years.
Bloodborne Pathogens training documentation must be maintained for 3 years.
Inspectors don't accept “We do it, we just didn't write it down.” ComplyBetter generates dated, formatted documentation so that when the inspector asks for proof, you have it immediately at hand — timestamped and ready.
Myth #5
❌ "We don't need to track our vendors — they handle their own HIPAA compliance. If our vendor causes a HIPAA violation, we're not responsible."
✅ Fact: HIPAA (45 CFR § 164.308(b)(1)) requires you to know which vendors access PHI and to have Business Associate Agreements (BAAs) in place with each one, and 45 CFR § 164.530(f) makes clear that if you become aware of a pattern of noncompliance by a business associate and fail to act, you are out of compliance — not just your vendor.
If your vendor causes a breach, you face the investigation. As the HHS Office for Civil Rights showed in its 2025 enforcement action against Oregon Health & Science University: You cannot outsource your compliance responsibility. Covered entities are ultimately responsible for meeting HIPAA deadlines and requirements, regardless of vendor performance.
ComplyBetter's Vendor Documentation tool helps you keep track of who has access to PHI, whether BAAs are in place, and keeps vendor relationships documented — so you know exactly where you stand.
Make the Switch to ComplyBetter
Created by the Washington State Dental Association, ComplyBetter is improving how hundreds of Washington dentists and counting manage dental compliance and train their teams.
Our affordable, modern online tools and helpful support team are here to make HIPAA, OSHA/WISHA, infection control and bloodborne pathogens compliance easier for your dental office.
Get started today or connect with our team to learn more or schedule a demo.