• Best Practices New Normal
  • Digital Dentistry
  • Data Security
  • Implants
  • Catapult Education
  • COVID-19
  • Digital Imaging
  • Laser Dentistry
  • Restorative Dentistry
  • Cosmetic Dentistry
  • Periodontics
  • Oral Care
  • Evaluating Dental Materials
  • Cement and Adhesives
  • Equipment & Supplies
  • Ergonomics
  • Products
  • Dentures
  • Infection Control
  • Orthodontics
  • Technology
  • Techniques
  • Materials
  • Emerging Research
  • Pediatric Dentistry
  • Endodontics
  • Oral-Systemic Health

‘Authentic Frontier Gibberish’

Dental Products ReportDental Products Report February 2021
Volume 55
Issue 2

In Part 4 of this series, Lorne Lavine, DMD, discusses the importance of encrypting your data and how consequential not doing so can be to your dental practice.


I have seen many incorrect assumptions and statements about encryption, so I wanted to tackle the most common misconceptions here:

1.Encryption isn’t mandatory. This is simply not true. If you look at the Health Insurance Portability and Accountability (HIPAA) laws, there are essentially 2 types of rules: required and addressable. Required is cut and dried: You must do it. Addressable is a bit more gray, but not that difficult to understand: If it’s reasonable and appropriate, you must do it (emphasis mine). If it is not reasonable, then come up with an alternative or document why you don’t think it’s required. This is not a get-out-of-jail-free card, because it all boils down to that reasonable and appropriate statement. You have to be able to prove that based on current standards, the requirement isn’t reasonable, and as you’ll see below, that’s a hard argument to make.

2. There are no consequences if my data isn’t encrypted. Even if we ignore the HIPAA requirement, this would be a significant mistake. Although much of HIPAA is somewhat ambiguous, the Breach Notification Rule is not: If you suffer a breach, then by law you must notify your patients in writing, alert the local news media (in certain cases), and be listed on the HHS “Wall of Shame” (if your breach affects 500 or more individuals). Getting back to that get-out-of-jail-free concept, it actually does exist, but only in this specific case: If your data is encrypted, then you are exempt from that breach notification. For this reason alone, it’s almost impossible to not justify encrypting your data. Another fun fact is that most (but not all) ransomware viruses have difficulty attacking encrypted files, so you reduce your chances of a ransomware infection if the data is already encrypted.

3. It’s too expensive to encrypt my data. Well, considering that it’s free, good luck with that argument! If yours is like most practices, you can and should be storing all your data on your server. With Windows Server 2008 no longer being supported and patched (and, thus, a HIPAA violation), you should be using either Server 2012, 2016, or 2019 as your server operating system. And every one of those operating systems (including Windows 10) has a built-in encryption software called BitLocker. It’s part of the system and costs nothing to activate. Unless you have extensive information technology (IT) experience, you’re better off having an IT specialist set it up for you and document it, but compared to the downside of declaring a HIPAA breach, it’s worth every penny.

4. Encryption will slow down my network. This may be true in theory, but the real-world consequences are almost impossible to detect. Decryption occurs on the fly, and modern processors handle this very quickly. For example, if it normally takes 1.5 seconds for your practice management system (PMS) chart to open, if the data is encrypted it may now take 1.6 or 1.7 seconds. Those are just random numbers; whatever slowdown might occur will be so negligible that you really won’t even be aware of it.

There is no good excuse for not encrypting your data. It’s a HIPAA law, it protects your data from infection, and it’s free. Above all, it protects the practice from having to declare a breach, which would be devastating to any dental office.

[ Editor’s Note: The Authentic Frontier Gibberish headline is a reference to the 1974 movie “Blazing Saddles,” directed by Mel Brooks. ]

Related Videos
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
Mastermind Episode 33 – Charting the Course for the Future of Dentistry
CDS 2024: What's New at TAG University? with Andrew De la Rosa, DMD
CDS 2024: Breaking Down Barriers to Care with Eric Kukucka, DD
The Connected Future of Dental CAD/CAM with Max Milz
Greater New York Dental Meeting 2023 – Interview with Len Tau, DMD
Greater New York Dental Meeting 2023 – Interview with Hope Slowik
© 2024 MJH Life Sciences

All rights reserved.