Is Your Practice Data Safe?
Updated: Sep 28, 2022
How secure is your data? I know you all hear about HIPAA and hacking, but it is all a little obscure, isn’t it? It is very confusing to most...so you are not alone. We know you want to make sure your data and your patient’s information is all secure. So how do you do it? There are a lot of different areas to pay attention to so we would like to help you out with a few of them here.
✓ Passwords - seems like a no-brainer, but we find a lot of offices still do not have passwords in place. Passwords not only protect the practice owner if there is any wrong-doing in the office, but is also a HIPAA requirement. Things to consider about passwords:
Do you have a password policy in place?
How often are the passwords changed in your practice?
Does your team understand they are not to share their passwords with anyone?
Are passwords committed to memory, instead of being on a post-it note where
anyone that comes in to your office can see and get in to the computer?
Is your team trained regarding your password policy? (Once you have one in
✓ Secure Email – any ePHI you send must be encrypted. We all know this right? If you are
sending an email with a patient’s x-rays to a referral doctor it cannot just go through a Gmail account. You have to have a secure outlet to send your information. But that is not all. Some other things to consider with your emails are:
User names and passwords must be unique for all team members in the practice. This is called “Access Control” – so you can tell who has accessed or sent any of the emails with PHI to or from your practice. You must be able to track this information with audit trails.
Is your transmission secure? You are required to have a SSL-based encryption for any PHI transmitted electronically.
✓ Secure Back-up – this is an area that seems to get overlooked in a lot of offices, and yet it is so very important. First of all having a good back-up is important, but have you really
thought about this information being secure? I recently had a meeting with Cory Anderson from Dental-Backup.com that is providing this service and was amazed at what is actually required. Did you know:
You must securely back up your data and safeguards must be in place in recovery mode
The data must be encrypted (Dental-Backup.com has 488-bit encryption and requires a 48 character alpha/numeric password to access it)
Your data must be recoverable. You must be able to fully “restore any loss of data”
You must get your data offsite as required by the HIPAA Security Final Rule (CFR164.308(a)(1))
There are many areas to consider when protecting your data and patient’s information. We encourage you to ensure you are doing your due diligence. The stakes are high and we do not want to see anyone get caught in a situation that is out of their control. If you have any questions, please do not hesitate to contact us.
Janice Janssen, RDH, CFE, Consultant
At age 14, Janice Janssen got an after-school job working for her dentist. Twenty-something years later, she is the co-founder of Global Team Solutions and an expert in practice consulting. Besides hands-on experience, Janice has gained professional recognition for her hard work and commitment to excellence. She is co-author of OMG! Office Management Guide, the “bible” used in GTS training workshops. She is a member of the Academy of Dental Management Consultants (ADMC), and is a Certified Fraud Examiner (CFE), which positions her as an expert in educating dentists to deter fraud and embezzlement in their practice.
Janice can be reached at: firstname.lastname@example.org