The many-tentacled prospect of maintaining HIPAA compliance can overwhelm the best efforts of the most efficient dental office administrative and clinical teams—unless you have a good plan in place. Even if you do have a current dental practice HIPAA plan, there may be some areas of compliance that you have not yet addressed or considered.
A Managed IT Services provider that specializes in supporting dental professionals is fully familiar with requirements for dental practice HIPAA Compliance. Below are some of the key areas in which your dental IT services specialist can help ensure HIPAA compliance in your dental practice.
HIPAA Noncompliance in Dental Practices
The legal requirements for sharing and storing protected health information (PHI) have been changed over the past ten years. Today, all dental professionals who handle PHI must meet the new, stricter HIPAA rules for preserving patients’ privacy.
The U.S. Department of Health and Human Services (DHHS) enforces HIPAA. Telling them that your dental practice has not had time to develop or maintain a full-scope plan for HIPAA compliance is not likely to be accepted as an excuse for a PHI security breach.
The law now permits a fine of $50,000 per breach of a patient record and a $1.5 million maximum fine per year. Such staggering fines can put a smaller dental practice out of business. A breach of patient data can also bring bad publicity in your community, which can negatively impact even a large dental practice when you are required to have yourself listed on the HIPAA breach list at HHS.gov.
What Does HIPAA Compliance Involve for Dental Practices?
The Health Insurance Portability and Accountability Act (HIPAA) requires dental practices to take the necessary measures to ensure protection of PHI. This means that servers, external backup drives, computers, all relevant digital and paper files, email and other communications, software platforms and applications, and network systems are all properly managed to ensure patient privacy.
How Your Dental Office IT Support Specialist Helps Maintain HIPAA Compliance
Some of the areas of dental practice most vulnerable to breaches of HIPAA requirements are those in which confidential patient information is being stored, transmitted, read, recorded, or temporarily staged or held in use outside its storage location.
Here are just a few of the important practices that your dental practice needs to have in place. Your dental IT specialist can help you establish these, to ensure HIPAA compliance in everyday operational activities.
- Secure Digital Storage — Keeping all digital PHI files in secure storage spaces on your dental office’s IT system is the most basic priority for HIPAA compliance.
- Secure Access Protocols — To best control PHI access, each employee should have a unique username, and passwords should be changed routinely. This automatically generates a log of uses of workstations during times that a given PHI file is accessed.
- Secure User Accounts — A HIPAA compliance plan should include protocols for deleting user accounts, changing keys, alarm codes, and for notifying your IT provider and other appropriate individuals, etc., when employment is terminated. Assigning unique usernames and passwords to each employee is important for controlling access easier.
- HIPAA Best Practices — HIPAA security standards and best practices for protecting patients’ health information include having users lock their computers every time they leave them unattended. Since people can forget, set computers to lock automatically after being inactive for some number of minutes.
- Secure Electronic Workstations — Screen privacy filters or other means to obscure monitors should be installed in more public areas, like reception desks. Easily visible monitors in the patient waiting room can lead to HIPAA violation if a patient decides to look at another’s information.
- Documented HIPAA Compliance Plan & Officer — Your full-scope plan for managing PHI should be written and available to DHHS on request. Also, an employee should be designated as the HIPAA compliance officer. This person should ensure that all employees understand the plan, and should hold everyone accountable for preventing HIPAA breaches.
Dental Office Software and HIPAA
Your HIPAA IT services provider may suggest that your PHI should be encrypted, regardless of where your servers are kept. Today’s Windows Server operating systems all have encryption software (BitLocker) built in, so encryption is not as daunting as it may sound. Both internal hard drives and external drives for backup of your server should be encryption enabled, as well as cloud software you may be using for backup. Pick only a HIPAA compliant provider. Don’t use a provider that stores your encryption keys on their servers. You should be the only one with access to your own encryption keys.
Dental Office Servers and HIPAA
The dental office server and any backup drives containing PHI should be located behind a locked door, secure from potential theft. If it’s not practical to build a server room or closet in your dental office, then your server should be bolted to a server rack or other large, unwieldy object. If a thief breaks into your office, that will make it more difficult to carry away the server. External backup drives should either locked up or encrypted, to render data on those as useless without the encryption keys. Your dental IT support specialist will manage
Dental Office Email and HIPAA
Sending PHI through email has become more difficult under current HIPAA rules. Most dental office email systems don’t have end-to-end encryption. Without encryption from the sender at your office to the intended recipient, breaches of PHI are possible. When sending a patient’s PHI by email, you can use one of the available encryption services, which allow PHI to be transmitted as a secure email attachment. Your dental IT support specialist will provide your staff with training on simple encryption processes.
Dental Office Networks and HIPAA Compliance
Your network must have an appropriate firewall, to defend your system from external threats and to limit internal access to ports inside your network. Network ports should not be installed in an area of your dental office where patients may be left unattended.
Some dental offices offer Wi-Fi for patients to use. Your wireless network for guests should be secured and encrypted as well as your internal office network, and the two must be separate from one another. Your IT services provider can inspect your networks to ensure that they are separate and secure, i.e., unable to communicate with one another.
Dental Practice Subcontractors and HIPAA Compliance
For HIPAA compliance, your practice should have a contract on file with any business associate who is granted access to your patients’ files. The contract should clearly state how the associate is permitted to handle your patients’ protected information. It should also stipulate how they will protect the information. It should also include an explanation of the actions you require them to take in in the event of a HIPAA breach.
Your security policy for subcontractors should apply to your dental IT services professional too. You should not work with an IT services provider who will not sign your PHI security contract.
Getting the Help Your Dental Practice Needs for HIPAA Compliance
Congratulations if your dental office is already efficiently managing all of the above HIPAA concerns. For many dental practices, it can take too long to fully adopt a practical system for maintaining compliance. That process can leave your practice at risk in the meantime.
Your Dental IT specialist should be experienced in helping dental practices ensure thorough HIPAA compliance and that the safeguards are in place to maintain true compliance under current HIPAA requirements.
REMEMBER: HIPAA compliance isn’t just a one-time undertaking. It’s not something you’re ever done with. Maintaining HIPAA compliance requires an ongoing mode of secure operation. Your dental IT specialist will guide you in building an effective strategy for continual HIPAA compliance, as required by law.
How Your Dental IT Support Service Helps Ensure HIPAA Compliance
Implementing a HIPAA compliance program is the easier and less costly part of HIPAA compliance. Ongoing operational maintenance of HIPAA compliance is the more challenging part of the responsibility. Your dental IT specialist provides the efficient support you need in order to maintain HIPAA compliance, so that you can focus on what you do best—helping your patients with their dental needs.
- Maintaining Secure Patient Records — Patient file management, including billing records, communications, and other areas of dental office administration must be HIPAA compliant.
- Physical Security — Attention must be given to locations of servers, computers and monitors, the types of security applications placed in, on and around this equipment, and the policies a dental office enforces for workstation use in terms of focus on HIPAA compliance.
- Network Security — Systems must be routinely scanned to detect vulnerabilities, and to proactively resolve issues. Multiple layers of firewall security, as well as encryption, are important for keeping ePHI private.
- HIPAA Secure Cloud Solution — Your dental office should maintain compliance with the strict SSAE 16 audit standard for its cloud hosting facilities. General Cloud facilities are not as secure.
- Monitoring — HIPAA compliance requires rotation through a quite lengthy checklist of points of conformance in digital systems and processes. In addition to HIPAA compliance, continuous monitoring is required in order to provide for general security of your network system.
- Training — Kinds of training that your IT company should offer on HIPAA compliance in digital communications. All dental practice employees should be fully trained on HIPAA policies and guidelines, and on the standard operating procedures (SOPs) your office adopts for managing compliance.
- Reporting — Your IT support provider can provide a vast range of reports on any issues potentially affecting your dental practice’s level of risk regarding maintenance of HIPAA compliance. Gauging risk allows for quick, timely adjustments.
NOVA Computer Solutions, HIPAA IT Support Dental Practices
NOVA Computer Solutions provides specialized IT services and support for dental practices. NOVA is focused on helping dental practices maintain compliance with all HIPAA standards and requirements. Our expert HIPAA compliance support offers dental practices sound solutions for securely managing PHI, implemented efficiently.
HIPAA Consulting Dental Practices
For more information, visit our website for more information about NOVA Managed IT Services for dental practices. Or, if you would like to have a dental IT expert provide you with a HIPAA compliance consultation and no-obligation IT systems assessment, please call NOVA Computer Solutions at (888) 711-3234 to schedule an appointment.