The start of a new year is a great time to update stagnant security systems and protocols.
Every few years, I talk about starting the new year on the right foot. As we move into 2023, I know many of us like to create New Year’s resolutions: things we want or hope to accomplish in the coming year. Perhaps you want to lose a few pounds, exercise more, travel somewhere special, or achieve any number of other goals.
One area where many of you may not have resolutions, however, is your information technology (IT) system. For many practices, the IT system is in a holding pattern; nothing really changes. For numerous reasons, I don’t recommend this. So rather than asking you to come up with IT resolutions on your own, I’ve created a few for you to consider for the coming year.
1. Do an annual risk assessment and update your HIPAA management plan. Were you aware that the HIPAA Security Rule specifically requires a documented risk analysis and a risk management plan? When a new patient shows up at your practice, you don’t immediately start treating them (at least, I hope not!). You take x-rays, do restorative and periodontal charting, and review their history. Based on all that, you put together a treatment plan. HIPAA is exactly the same. You can’t fix the areas where you’re not meeting HIPAA regulations unless you take the time to look first.
2. Speaking of HIPAA, strive to become more HIPAA compliant. Notice I didn’t say to become 100% compliant because this is impossible for any health organization; there are over 700 pages of rules and regulations. However, that doesn’t mean you can’t work toward better compliance. Did you know that under HHS guidance a ransomware infection that encrypts electronic protected health information is presumed to be a breach, and must be reported as one, unless you can demonstrate a low probability that the data was compromised? Make sure all your software programs, including Microsoft Windows, Microsoft Office, and Adobe, are updated with the latest security patches. Encrypt everything you can, such as your server, laptops, emails, and any other location where electronic protected health information is stored, and keep the recovery keys somewhere other than the encrypted device. For most offices, this means working with an IT provider who is fluent in HIPAA. This is too critical to trust to someone who doesn’t specialize in health care.
3. Make sure you have a great backup of your data and do a test restore. How? It’s easy: Just turn off your server (after hours, not with a waiting room full of patients) and see how long it takes to get up and running with all your data intact. For many offices, the issue isn’t having a backup; it’s how long it takes to recover from the server being down. Two numbers matter: how long you can afford to be down (your recovery time) and how much recent work you can afford to lose (your recovery point). A properly designed backup, with a restore procedure you have actually rehearsed, should allow you to restore your server within an hour or 2 at most. The unfortunate reality for many offices is that their downtime is measured in days, not hours. Resolve to reevaluate your backup to ensure that you can recover quickly from your server going down and that you don’t lose any critical patient data.
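A small restore drill of the kind item 3 calls for, as an added example that is not part of the column and not any vendor’s tool: it backs up a directory, restores the archive into a separate scratch directory (never the live data), checks every restored file against a SHA-256 manifest recorded at backup time, and times the restore against the 2-hour budget mentioned above. The directory names, the sample files and the manifest-based verification are constructed assumptions for the demo; a real drill restores the whole server, not one folder.

```shell
#!/usr/bin/env bash
# Restore drill: back up a directory, restore it somewhere else, prove the
# copy is intact, and time the recovery. Constructed demo, not production code.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
DATA="$WORK/practice_data"     # stand-in for the server's data share (assumed path)
BACKUPS="$WORK/backups"        # where archives and hash manifests land
RESTORE="$WORK/restore_test"   # scratch restore target, never the live data
RTO_SECONDS=7200               # recovery time budget from the column: 2 hours
mkdir -p "$DATA/charts" "$BACKUPS"

# Constructed sample files standing in for patient records (no real PHI).
printf 'chart 0001 restorative\n' > "$DATA/charts/0001.txt"
printf 'chart 0002 perio\n'       > "$DATA/charts/0002.txt"

# make_backup: write a .tar.gz of DATA plus a SHA-256 manifest of every file.
# The manifest is taken before archiving so it describes what must come back.
# Prints the archive path.
make_backup() {
    local stamp archive
    stamp="$(date +%Y%m%d-%H%M%S)"
    archive="$BACKUPS/backup-$stamp.tar.gz"
    ( cd "$DATA" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) \
        > "${archive%.tar.gz}.sha256"
    tar -czf "$archive" -C "$DATA" .
    printf '%s\n' "$archive"
}

# restore_backup: unpack an archive into the scratch directory and record
# how long it took in RESTORE_SECONDS.
restore_backup() {
    local archive="$1" start end
    rm -rf "$RESTORE" && mkdir -p "$RESTORE"
    start=$(date +%s)
    tar -xzf "$archive" -C "$RESTORE"
    end=$(date +%s)
    RESTORE_SECONDS=$((end - start))
}

# verify_restore: compare every restored file with the manifest written at
# backup time. Returns 0 only if all hashes match; a missing or altered file
# means this backup would not have saved you.
verify_restore() {
    local manifest="$1"
    if ( cd "$RESTORE" && sha256sum -c --quiet "$manifest" >/dev/null 2>&1 ); then
        return 0
    fi
    return 1
}

# rto_status: OK if the measured restore time fits inside the recovery budget.
rto_status() {
    if [ "$1" -le "$2" ]; then echo OK; else echo FAIL; fi
}

# run_drill: the whole exercise end to end, with a short report.
run_drill() {
    local archive manifest
    archive="$(make_backup)"
    manifest="${archive%.tar.gz}.sha256"
    restore_backup "$archive"
    if verify_restore "$manifest"; then
        echo "restore verified: all files match the backup-time manifest"
    else
        echo "restore FAILED verification: do not trust this backup"
    fi
    echo "restore took ${RESTORE_SECONDS}s; RTO budget ${RTO_SECONDS}s: $(rto_status "$RESTORE_SECONDS" "$RTO_SECONDS")"
}

run_drill
```

The point of the hash manifest is that a backup job reporting “success” tells you only that it wrote something; the drill is the only evidence that what it wrote can be brought back complete. Run it on a schedule, keep the report, and treat a verification failure or a restore time over budget as an incident to fix now, not after the server dies.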
4. Get a better handle on your cybersecurity. As I’ve mentioned in previous articles, I believe that ransomware is the biggest threat to dental offices and any other industry…ever. It’s a bigger threat than the Occupational Safety and Health Administration, insurance, or anything else. Within seconds, you can lose access to everything you spent decades building. You need to have a plan in place to protect your practice from ransomware. Typically, this would include a business-class firewall, anti-ransomware software, and a technique I discussed a few issues ago, application whitelisting (also called allowlisting), which lets only programs you have approved run on your computers.
Dental offices are busy, and critical IT risks are often left unresolved. This is the perfect time of the year to rededicate yourself to doing everything within reason to protect and secure your practice.