This post, 5 HIPAA/HITECH violations your dental practice is making, first appeared on http://gazette.com/.
July 4, 2017
Pssst - I think we need to talk. Your dental practice - does it have a HIPAA/HITECH compliance plan? No? You're not the only practice without one, trust us. If your business doesn't have a plan, however, it's nearly impossible to ensure you're not violating HIPAA/HITECH - and violations can cost thousands, if not millions, of dollars. Here are five violations your dental practice is probably guilty of - along with proper fixes - courtesy of the IT experts at Frontier IT in Colorado Springs.
Problem: Open wifi
Solution: Secure it
As blogger and HIPAA risk assessor Amy Wood notes on DentistryIQ, "I know more about 90% of the offices I walk into by accessing their wifi before I even speak with the doctor." Using a free app, Wood can "see all devices, cell phones of patients and staff, office computers, printers, tablets, laptops, and the server" of practices with open wifi, she writes. "If I can do that with a free app, a thief or even a bored 14-year-old with a laptop can siphon patient information and an office would never know about it," Wood adds. A simple Twitter search for "hacked dentist wifi" serves as a great example of the importance of this.
Problem: Unencrypted electronic personal health information (ePHI)
Solution: Encrypt it
As Dr. Lorne Lavine explains in an article on the Modern Dental Network, many businesses don't encrypt their ePHI because they don't understand the need for encryption. "HIPAA has defined encryption as an 'addressable' concern, meaning, if it's reasonable and appropriate, you must do it," Lavine writes. "… The problem is encrypting your data is both reasonable and appropriate." As Lavine points out, there went your get-out-of-jail-free card! The good news: Encrypting your data can be as simple as storing it on a self-encrypting drive or downloading a free program (though it's undoubtedly better to consult with an MSP, or managed service provider, to ensure that your data encryption plan is foolproof - and hackerproof).
Problem: Discussing patients in earshot of other patients
Solution: Just don't
We're going to go out on a limb and assume that this is the most pervasive HIPAA violation because, let's face it, who doesn't love a good bit of juicy gossip? But just how sure are you that a patient isn't in earshot? Bottom line: It simply isn't worth the risk.
Problem: Storing patient records on a non-HIPAA-compliant file-sharing service
Solution: Get Autotask Workplace
Free online file-sharing services make accessing documents from anywhere, at any time, a breeze - such a breeze, in fact, that it might be tempting to upload patient files for easy team access. Danger, Will Robinson! This is a flagrant HIPAA violation. A couple years back, St. Elizabeth's Medical Center, a Massachusetts-based hospital, was fined more than $200,000 for uploading the ePHI of nearly 500 patients to such a service "without first assessing the risks associated with the use of the service," according to DataPrivacyMonitor.com. Happily, there exist convenient, affordable HIPAA and HITECH-compliant file-sharing services like Autotask Workplace that allow employees to easily create, manage, organize and collaborate on files - without risking hefty fines.
Problem: No back-up of medical files
Solution: Datto Backupify
HIPAA/HITECH requires that your patients' files are backed up and recoverable in case of disaster, whether that's a fire at your medical facility, a disgruntled employee's revenge or a ransomware attack. With HIPAA-compliant solutions like Datto Backupify, there's no need to worry that your files are gone forever. What's more, Backupify encrypts your data and even backs up your Office 365 calendar and contacts three times a day.
Just how HIPAA/HITECH compliant is your practice? Perhaps you're now beginning to question many procedures and practices at your clinic.
What's a busy dentist or dental office manager to do?
Contact an MSP, or managed service provider.
MSPs specialize in working with small- to mid-sized businesses that don't have their own IT departments. An MSP can tailor an affordable service plan to your dental practice, offering you only what you need like server and network monitoring or disaster recovery planning, according to the experts at Frontier IT.
Perhaps even better, partnering with an MSP can provide you with peace of mind that your patients' valuable data is secure and your business is safe from potentially devastating fines.