The many-tentacled prospect of maintaining HIPAA compliance can overwhelm the best efforts of the most efficient dental office administrative and clinical teams—unless you have a good plan in place. Even if you do have a current dental practice HIPAA plan, there may be some areas of compliance that you have not yet addressed or considered.
A Managed IT Services provider that specializes in supporting dental professionals is fully familiar with the requirements for dental practice HIPAA compliance. Below are some of the key areas in which your dental IT services specialist can help ensure HIPAA compliance in your dental practice.
The legal requirements for sharing and storing protected health information (PHI) have changed over the past ten years. Today, all dental professionals who handle PHI must meet the new, stricter HIPAA rules for preserving patients’ privacy.
The U.S. Department of Health and Human Services (DHHS) enforces HIPAA. Telling them that your dental practice has not had time to develop or maintain a full-scope plan for HIPAA compliance is not likely to be accepted as an excuse for a PHI security breach.
The law now permits a fine of $50,000 per breach of a patient record and a $1.5 million maximum fine per year. Such staggering fines can put a smaller dental practice out of business. A breach of patient data can also bring bad publicity in your community, which can negatively impact even a large dental practice when your practice is required to be listed on the HIPAA breach list at HHS.gov.
The Health Insurance Portability and Accountability Act (HIPAA) requires dental practices to take the necessary measures to ensure protection of PHI. This means that servers, external backup drives, computers, all relevant digital and paper files, email and other communications, software platforms and applications, and network systems are all properly managed to ensure patient privacy.
Some of the areas of dental practice most vulnerable to breaches of HIPAA requirements are those in which confidential patient information is being stored, transmitted, read, recorded, or temporarily staged or held in use outside its storage location.
Here are just a few of the important practices that your dental practice needs to have in place. Your dental IT specialist can help you establish these, to ensure HIPAA compliance in everyday operational activities.
Dental Office Software and HIPAA
Your HIPAA IT services provider may suggest that your PHI should be encrypted, regardless of where your servers are kept. Today’s Windows Server operating systems all have encryption software (BitLocker) built in, so encryption is not as daunting as it may sound. Both internal hard drives and external drives for backup of your server should be encryption enabled, as well as cloud software you may be using for backup. Pick only a HIPAA compliant provider. Don’t use a provider that stores your encryption keys on their servers. You should be the only one with access to your own encryption keys.
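As a practical check on the encryption point above, here is an added PowerShell example (not from the original article, and not a tool of any provider named on the page) that audits every volume BitLocker knows about and flags any drive holding PHI that is not fully encrypted with protection turned on. It uses the standard `Get-BitLockerVolume` cmdlet and assumes Windows 10/Server 2012 R2 or later with the BitLocker feature installed, run from an elevated prompt.

```powershell
# Added example (not from the original article): audit BitLocker status on each
# volume so the practice can show which drives holding PHI are encrypted.
# Assumes the BitLocker PowerShell module is present; run as Administrator.

function Get-PhiDriveEncryptionReport {
    [CmdletBinding()]
    param()

    # Fixed OS/data volumes are listed; external backup drives appear here too
    # while they are attached, so plug them in before running the audit.
    $volumes = Get-BitLockerVolume

    foreach ($vol in $volumes) {
        # Which kinds of key protectors exist (TPM, recovery password, external key, ...).
        $protectorTypes = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '

        # "Encrypted" alone is not enough: protection must also be On, otherwise
        # the volume is unlocked with a clear key and readable by anyone who boots it.
        $compliant = ($vol.VolumeStatus -eq 'FullyEncrypted') -and ($vol.ProtectionStatus -eq 'On')

        [pscustomobject]@{
            Drive             = $vol.MountPoint
            VolumeType        = $vol.VolumeType
            VolumeStatus      = $vol.VolumeStatus
            Protection        = $vol.ProtectionStatus
            EncryptionPercent = $vol.EncryptionPercentage
            KeyProtectors     = if ($protectorTypes) { $protectorTypes } else { 'NONE' }
            Compliant         = $compliant
        }
    }
}

$report = Get-PhiDriveEncryptionReport
$report | Format-Table -AutoSize

$unprotected = $report | Where-Object { -not $_.Compliant }
if ($unprotected) {
    Write-Warning ("{0} volume(s) are not fully encrypted with protection on: {1}" -f `
        @($unprotected).Count, (($unprotected | ForEach-Object { $_.Drive }) -join ', '))
}
```

The `KeyProtectors` column is the part to read alongside the article's advice on keys: it shows where the material that unlocks each drive lives. A practice should hold its own copy of the recovery password (printed and locked away, or escrowed in its own directory), so that a backup vendor or anyone else outside the practice never becomes the only party able to unlock the drives.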
Dental Office Servers and HIPAA
The dental office server and any backup drives containing PHI should be located behind a locked door, secure from potential theft. If it’s not practical to build a server room or closet in your dental office, then your server should be bolted to a server rack or other large, unwieldy object. If a thief breaks into your office, that will make it more difficult to carry away the server. External backup drives should either be locked up or encrypted, rendering the data on them useless without the encryption keys. Your dental IT support specialist will manage
Dental Office Email and HIPAA
Sending PHI through email has become more difficult under current HIPAA rules. Most dental office email systems don’t have end-to-end encryption. Without encryption from the sender at your office to the intended recipient, breaches of PHI are possible. When sending a patient’s PHI by email, you can use one of the available encryption services, which allow PHI to be transmitted as a secure email attachment. Your dental IT support specialist will provide your staff with training on simple encryption processes.
Dental Office Networks and HIPAA Compliance
Your network must have an appropriate firewall, to defend your system from external threats and to limit internal access to ports inside your network. Network ports should not be installed in an area of your dental office where patients may be left unattended.
Some dental offices offer Wi-Fi for patients to use. Your guest wireless network should be secured and encrypted just as your internal office network is, and the two must be kept separate from one another. Your IT services provider can inspect your networks to ensure that they are separate and secure, i.e., unable to communicate with one another.
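The separation described above is easy to verify rather than assume. The following added PowerShell example (not from the original article or any provider it names) is run from a laptop connected to the guest Wi-Fi and confirms that the practice's internal server cannot be reached on the ports a practice-management system typically exposes. The server address and port list are placeholders to be replaced with the practice's own values; it uses the built-in `Test-NetConnection` cmdlet (Windows 8/Server 2012 and later).

```powershell
# Added example (not from the original article): run from a device on the GUEST
# Wi-Fi. Every connection attempt should FAIL; a success means the guest network
# can reach the office LAN and the segmentation the article calls for is missing.

$internalServer = '192.168.10.5'     # placeholder: practice-management server on the office LAN
$ports          = 445, 3389, 1433    # SMB file shares, Remote Desktop, SQL Server (typical back-end ports)

function Test-GuestIsolation {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [int[]]  $Ports
    )

    foreach ($p in $Ports) {
        # Test-NetConnection prints a warning on every failed TCP connect; here a
        # failure is the desired outcome, so the warning is suppressed.
        $r = Test-NetConnection -ComputerName $Target -Port $p -WarningAction SilentlyContinue

        [pscustomobject]@{
            Target    = $Target
            Port      = $p
            Reachable = $r.TcpTestSucceeded
            Isolated  = -not $r.TcpTestSucceeded
        }
    }
}

# Record which network this laptop is actually on, so the report is unambiguous.
$localAddrs = (Get-NetIPAddress -AddressFamily IPv4 |
               Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' }).IPAddress
Write-Host "Testing from guest-side address(es): $($localAddrs -join ', ')"

$results = Test-GuestIsolation -Target $internalServer -Ports $ports
$results | Format-Table -AutoSize

if ($results | Where-Object { $_.Reachable }) {
    Write-Warning 'Guest network can reach internal server ports; guest and office networks are NOT isolated.'
} else {
    Write-Host 'No internal ports reachable from the guest network.'
}
```

Repeat the same run from a device on the internal office network as a control: there the ports the practice actually uses should succeed, which confirms the test is measuring the firewall rules and not a powered-off server.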
Dental Practice Subcontractors and HIPAA Compliance
For HIPAA compliance, your practice should have a contract on file with any business associate who is granted access to your patients’ files. The contract should clearly state how the associate is permitted to handle your patients’ protected information. It should also stipulate how they will protect the information, and it should include an explanation of the actions you require them to take in the event of a HIPAA breach.
Your security policy for subcontractors should apply to your dental IT services professional too. You should not work with an IT services provider who will not sign your PHI security contract.
Congratulations if your dental office is already efficiently managing all of the above HIPAA concerns. For many dental practices, it can take too long to fully adopt a practical system for maintaining compliance. That process can leave your practice at risk in the meantime.
Your Dental IT specialist should be experienced in helping dental practices ensure thorough HIPAA compliance and that the safeguards are in place to maintain true compliance under current HIPAA requirements.
REMEMBER: HIPAA compliance isn’t just a one-time undertaking. It’s not something you’re ever done with. Maintaining HIPAA compliance requires an ongoing mode of secure operation. Your dental IT specialist will guide you in building an effective strategy for continual HIPAA compliance, as required by law.
Implementing a HIPAA compliance program is the easier and less costly part of HIPAA compliance. Ongoing operational maintenance of HIPAA compliance is the more challenging part of the responsibility. Your dental IT specialist provides the efficient support you need in order to maintain HIPAA compliance, so that you can focus on what you do best—helping your patients with their dental needs.
NOVA Computer Solutions provides specialized IT services and support for dental practices. NOVA is focused on helping dental practices maintain compliance with all HIPAA standards and requirements. Our expert HIPAA compliance support offers dental practices sound solutions for securely managing PHI, implemented efficiently.
For more information about NOVA Managed IT Services for dental practices, visit our website. Or, if you would like to have a dental IT expert provide you with a HIPAA compliance consultation and no-obligation IT systems assessment, please call NOVA Computer Solutions at (888) 711-3234 to schedule an appointment.
As a consultant to dental practices, I help my clients maximize what can be done with their technology to maximize production and profit.