This post, 5 HIPAA/HITECH violations your dental practice is making, first appeared on http://gazette.com/.
July 4, 2017
Pssst — I think we need to talk. Your dental practice — does it have a HIPAA/HITECH compliance plan? No? You’re not the only practice without one, trust us. If your business doesn’t have a plan, however, it’s nearly impossible to ensure you’re not violating HIPAA/HITECH — and violations can cost thousands, if not millions, of dollars. Here are five violations your dental practice is probably guilty of — along with proper fixes — courtesy of the IT experts at Frontier IT in Colorado Springs.
Problem: Open wifi
Solution: Secure it
As blogger and HIPAA risk assessor Amy Wood notes on DentistryIQ, “I know more about 90% of the offices I walk into by accessing their wifi before I even speak with the doctor.” Using a free app, Wood can “see all devices, cell phones of patients and staff, office computers, printers, tablets, laptops, and the server” of practices with open wifi, she writes. “If I can do that with a free app, a thief or even a bored 14-year-old with a laptop can siphon patient information and an office would never know about it,” Wood adds. A quick Twitter search for “hacked dentist wifi” shows how real this risk is.
Problem: Unencrypted electronic personal health information (ePHI)
Solution: Encrypt it
As Dr. Lorne Lavine explains in an article on the Modern Dental Network, many businesses don’t encrypt their ePHI because they don’t understand the need for encryption. “HIPAA has defined encryption as an ‘addressable’ concern, meaning, if it’s reasonable and appropriate, you must do it,” Lavine writes. “… The problem is encrypting your data is both reasonable and appropriate.” As Lavine points out, there went your get-out-of-jail-free card! The good news: Encrypting your data can be as simple as storing it on a self-encrypting drive or installing a free encryption program (though it’s undoubtedly better to consult with an MSP, or managed service provider, to ensure that your data encryption plan is foolproof — and hackerproof).
Problem: Discussing patients in earshot of other patients
Solution: Just don’t
We’re going to go out on a limb and assume that this is the most pervasive HIPAA violation because, let’s face it, who doesn’t love a good bit of juicy gossip? But just how sure are you that a patient isn’t in earshot? Bottom line: It simply isn’t worth the risk.
Problem: Storing patient records on a non-HIPAA-compliant file-sharing service
Solution: Get Autotask Workplace
Free online file-sharing services make accessing documents from anywhere, at any time, a breeze — such a breeze, in fact, that it might be tempting to upload patient files for easy team access. Danger, Will Robinson! This is a flagrant HIPAA violation. A couple of years back, St. Elizabeth’s Medical Center, a Massachusetts-based hospital, was fined more than $200,000 for uploading the ePHI of nearly 500 patients to such a service “without first assessing the risks associated with the use of the service,” according to DataPrivacyMonitor.com. Happily, there exist convenient, affordable HIPAA- and HITECH-compliant file-sharing services like Autotask Workplace that allow employees to easily create, manage, organize and collaborate on files — without risking hefty fines.
Problem: No back-up of medical files
Solution: Datto Backupify
HIPAA/HITECH requires that your patients’ files are backed up and recoverable in case of disaster, whether that’s a fire at your medical facility, a disgruntled employee’s revenge or a ransomware attack. With HIPAA-compliant solutions like Datto Backupify, there’s no need to worry that your files are gone forever. What’s more, Backupify encrypts your data and even backs up your Office 365 calendar and contacts three times a day.
Just how HIPAA/HITECH compliant is your practice? Perhaps you’re now beginning to question many procedures and practices at your clinic.
What’s a busy dentist or dental office manager to do?
Contact an MSP, or managed service provider.
MSPs specialize in working with small- to mid-sized businesses that don’t have their own IT departments. An MSP can tailor an affordable service plan to your dental practice, offering only what you need, such as server and network monitoring or disaster recovery planning, according to the experts at Frontier IT.
Perhaps even better, partnering with an MSP can provide you with peace of mind that your patients’ valuable data is secure and your business is safe from potentially devastating fines.