
4 crucial steps for dealing with a data breach

A data breach in the dental industry isn’t just nerve-wracking – it’s also expensive and can potentially shut a practice down. The bad news is that nearly every company will experience a data breach of some kind during its lifetime.

Across all business sectors in 2014, there were approximately 783 data breaches that resulted in 85 million records being compromised. In the healthcare industry alone, there were 333 breaches and 8.2 million records compromised.

More from Dr. Lavine: The 5 crucial components of a HIPAA contingency plan

There’s a lot of confusion on what constitutes a breach in the healthcare industry. Under HIPAA, it is presumed that an impermissible use or disclosure of protected health information (PHI) is a breach unless the covered entity or business associate demonstrates that there is a low probability that the PHI was compromised.

To make that determination, HIPAA mandates that those organizations perform a risk assessment on at least four factors. 

Step 1: Assess the nature and extent of involved PHI and likelihood of identification

When determining the risk of harm to an individual, it’s important to determine what information was exposed and the likelihood of identification. Take a closer look at the PHI that was inappropriately disclosed or used. Is it more sensitive in nature? Does it include financial records? What was the level of detail in the record?

Assessing this information will help determine how urgently you deal with the issue. For example, you’ll feel far more pressed to deal with a breach in financial records than you will to deal with a breach in outdated information.

This assessment is one step that will assist an organization in determining whether there is a low risk that the PHI was compromised. However, all four factors must be considered before a determination is made.

Step 2: Determine the unauthorized person who used the PHI or to whom the disclosure was made

The next step involves tracing the breach back to the source and identifying the perpetrator and/or the person to whom the information was disclosed. Such a disclosure often occurs as a mistake on the part of an employee.

For example, an employee who meant to send an encrypted email file to the acting physician may have mistakenly sent it to a different party or included unauthorized personnel in the email correspondence. If this is the case, it’s fairly simple to trace it back to the source. From there, steps can be taken to reinforce policies to rectify the situation.

Other times the impermissible use or disclosure involves a third party. Determining who received the PHI is an important factor, as it may weigh heavily towards a decision that the data had a low probability of being compromised.

Step 3: Establish whether the PHI was actually acquired or viewed

The best-case scenario is that breached data is never viewed or acquired. This may happen, for example, if a laptop that was stolen or lost is returned and an unauthorized person never opened it. This is going to be a factor in determining if the PHI was compromised.

At times, a forensic data analysis can determine whether or not the information was accessed, viewed, acquired, altered, transferred, or otherwise compromised. This step, combined with the other three, can help you determine whether a breach actually occurred.

Step 4: Evaluate the extent to which the risk to the PHI has been mitigated

All risks to the PHI should be mitigated in order to reduce legal implications and protect the information. The responsible covered entity could request a letter of attestation that the PHI was destroyed.

This step depends a lot on the third party’s actions following the data breach and their willingness to cooperate with efforts to mend the situation.

After all four steps have been considered and documented, the covered entity or business associate must, in good faith, make the determination whether there was a low probability that the PHI was compromised. If the covered entity or third party cannot make that determination, breach notification is required.

© 2024 MJH Life Sciences

All rights reserved.