5 steps to protect patient records

© Song_About_Summer/ Stock.adobe.com

The vast majority of dental offices are now using electronic systems to handle patient information. Almost all practices use practice management software. Most are using digital imaging systems for intraoral and extraoral images and there are tons of add-on software systems to supplement these, such as patient reminders, Google reviews, KPI data management…the list goes on and on.

One of the biggest challenges dental offices may face is that they are not the only ones who understand how valuable their patient data is. There is no data more valuable on the black market than a patient’s health record, as it often contains critical personal information such as a name and address, social security numbers, credit card information, and personal, private health information. The entire reason the HIPAA Security Rule (that deals purely with electronic health information) came about, is to ensure health care providers do everything within reason to protect and secure their patient information. Patients have a reasonable expectation that all dental offices will protect the information shared with the office.

As anyone who reads the news knows, health care providers are under constant attack by bad actors who want to gain access to patient data. Ransomware, data breaches, hacking, and multiple other methods are used to gain access to your patient’s health records. As seen throughout much of 2019 and into this year, the attacks are often not against dental offices directly, but against their IT providers who aren’t following best practices on securing access to their clients’ systems.

A 5-Step Plan to Protect Patient Information

To help keep your practice secure, I will focus on 5 key areas, one each over the next 5 months, that your practice must commit to in the efforts to keep patient data protected. Here’s an overview of what we’ll be discussing in upcoming articles:

1. Keep the bad guys out. Although there are many ways to deal with hackers and ransomware once it enters your network, you’re far better off keeping the bad guys out before that ever happens. The best way to do this is to invest in a good firewall. We’ll look at the criteria you should use to choose a firewall and discuss why the firewall built into your router isn’t enough.

2. Deal with the malware that gets in with software. Since you can’t prevent all malware infections, you need good systems to handle anything that gets past the firewall. Most practices are familiar with standard systems such as antivirus and anti-ransomware software, but we’ll also look at more modern methods that include application whitelisting and ringfencing.

3. Protect the data. If your network is compromised, it’s critical that you make sure that all the important information is encrypted. Encryption is your only “get out of jail free card” if you suffer a breach. We’ll evaluate how and why to encrypt your data using software already built into the Windows system.

4. Recover quickly. The best way to recover from a ransomware infection, assuming you don’t want to pay the criminals thousands of dollars, is to restore from a backup. I’ve discussed backup in the past, but we’ll take another look at the best way to back up your data and protect it from malware.

5. Finally, you need to know what HIPAA violations occur when your network is compromised and what steps the law requires you to take. I’ll also include a discussion of cybersecurity insurance, and trust me, you’ll want to have this insurance in place!

So there you have it. Cybersecurity is still an incredibly important topic for all dental offices. I look forward to going into more detail with this 5-step plan over the coming months. Please stay tune.