Dental HIPAA Compliance
Due to the increase in the number of security breaches and lapses in the medical arena, the security of Protected Health Information (“PHI”) has become a top concern for many small to mid-sized medical and dental practices. The requirements of the 2005 HIPAA Security Rule were a game changer for how practices should approach overall security concerns. A common misconception is that cyber security is covered once a system firewall is in place or staff are barred from using the internet on office computers. It is worthwhile to consider the following common cyber security threats, which could lead to costly and detrimental HIPAA violations.
1. Old Dentist Software: Insufficient Backup System or Process
If your practice is still using a manual backup process for your outdated technology management system, it may be time to consider moving to a web-based or cloud-based certified EHR system. Loss of data, even accidental, is a common cause for practices to be selected for a HIPAA audit. Backup tapes or zip drives can easily be lost or misplaced, resulting in a compromise of your PHI. Even an automated backup system may not be as secure as you think. Recently, I was consulting with a practice whose IT Manager employed a backup plan consisting of automated backups to a mirror server located in his home office. The IT Manager had failed to consider the possibility of theft occurring at his residence or the system being subject to compromise or hacking. The utilization of a cloud-based practice management system allows for 24/7 access to your PHI and provides 24/7 security monitoring by the professionals that host the platform. Total Dental® meets these requirements as it is certified by ONC for Meaningful Use and HIPAA compliance.
2. Missing or Incomplete Security Risk Analysis
Effective April 2005, all clinical settings are required to conduct a Security Risk Analysis, or SRA. This assessment helps practices determine the risk associated with protecting health information via their technology, administrative and physical processes. This process will help your team identify potential security lapses in your current processes and mitigate them. The SRA is a HIPAA requirement, and as a provider seeing patients, your office should have completed an SRA and should maintain updates dependent upon practice activities or changes in staff, processes or procedures.
3. Training
Another aspect of the HIPAA Security Rule is that your staff must be trained on the practice’s security policies and procedures. A critical aspect of compliance is that all policies, procedures and adherence to these must be documented in writing in order for you to satisfy HIPAA requirements. Your practice’s training curriculum must be kept current; for example, in the event of an office relocation or a change in software system or provider, or security provider, the practice’s security training must be revisited and revised accordingly. Again, remember that all staff or clinic training should be documented in writing and updated regularly.
4. Password Security
Passwords can provide a protective foundation when used correctly or can act as a slippery slope into trouble when best practices are not followed. ALL individual users should have their own unique user name and password for your practice management system. Many offices make the mistake of letting part-time staff, administrative support or hygienists share passwords. The challenge with this is that shared passwords make it difficult to track which user has made changes to PHI, thereby making your software’s audit log useless. Monitoring the audit log is one of the key requirements of the HIPAA Security Rule. Your office should also have a written policy that instructs staff members to keep their passwords confidential and not share them with others.
Your office’s goal is to provide better patient care and that includes making sure all PHI is as secure as possible. Ensure the dental practice management software you are using is safe, secure and efficient. If you have any concerns, feel free to sign up for a FREE demo of the Total Dental® system.