8 ways to keep your practice HIPAA compliant

February 20, 2018

Keeping your patients' data safe should be a top priority. Here's how to do it.

You do everything you can to protect your patients’ oral health, but are you protecting their privacy as well? HIPAA rules and regulations are critically important to every business that has access to medical information.

A practice that fails to protect their patients’ health information could end up facing severe penalties and fines, which can have far-reaching effects for years to come. Having to defend yourself against a regulatory violation is an extremely time-consuming process, not to mention embarrassing and a bad mark against your practice.

It makes much more sense to take a preventive approach and put proper protections in place to provide your patients with peace of mind and keep your practice in compliance.

HIPAA Matters

In order help patients know and understand their privacy rights, it’s required by law that you have patients acknowledge that they have received and read HIPAA information from your practice. More often than not, patients barely skim this information or breeze by posted HIPAA signs without so much as a second look.

However, this doesn’t mean HIPAA doesn’t matter to patients.

If your practice were to compromise a patient’s medical information in any way, they would be highly upset and probably pursue any and all legal remedies. That’s why it’s critical to do everything possible to avoid any HIPAA violation. Follow these tips for protecting your patients’ privacy:

Related article: What you need to know about HIPAA compliance and patch management

1. Know what is meant by protected health information

Some practices think that protecting patient privacy is limited to masking basic information such as names and Social Security numbers. In reality, it applies to any information that is personal or unique to a patient. This could include patient phone numbers, emails, addresses, etc. According to HIPAA rules, contact information is equal to medical information and must be guarded and protected.

2. Put a business associate agreement in place 

This is a simple agreement that requires any outside entity (e.g., an outside billing company) to keep all patient information confidential.

3. Watch your passwords 

Some passwords must be shared for the efficient use and access of common office software and systems. For greater security, your rule of thumb should be that the fewer number of people with access to confidential patient information the better. This decreases the likelihood that anything will accidentally or deliberately leak from the practice.

Related article: How to evaluate HIPAA compliance in your dental practice

4. Review email use 

It is important to evaluate how you're communicating with patients. Practices often email detailed information to patients that should not be read or received by others. To avoid a HIPAA violation, make absolutely sure that these emails are encrypted.

There are also rules that apply to the types of devices (e.g., computers, smartphones, tablets, etc.) that are used to send information. Frequently, staff or doctors will use their personal devices to send information to patients, which could be a serious HIPAA violation.

Click to the next page to read 4 more tips...

 

5. Get cyber insurance 

There are practices that don’t want to spend money for this type of protection, but cyber insurance is something you can’t afford not to have. We now operate in a world where hacking, ransomware and other types of cyber attacks are common, and practices need to be more vigilant than ever before. The costs related to a cyber attack and a resulting violation will be far more expensive than your investment in insurance. Be sure to work with your insurance agency to determine the level of cyber insurance necessary to properly protect your practice.

Related article: 9 ways to avoid cyber attacks

6. Protect your paper 

Most practices today still rely on paper to record and process information. Therefore, practices must be very careful about how they maintain patient files, as well as how to dispose of them when needed. Invest in a good office shredder. If you work with a paper disposal service, be sure that it is trustworthy and has an excellent reputation.

7. Attend annual training

By having annual staff training on HIPAA you will be much better protected in regard to day-to-day activities. And if a problem does occur, you will be able to make a strong case that your practice did everything possible to educate the team and protect patient information.

8. Require all patients to sign the notice of privacy practices form 

In the event of a problem, not having a signed notice of privacy practice form will be seen as an indication that your practice does not have proper protocols and policies in place.

Related article: Are your emails safe?

Conclusion

HIPPAA is a very serious regulatory process that must be carefully followed by all dental practices. The good news is that HIPPA guidelines are clear and easily understood when reviewed regularly. Annual updates through continuing education will help ensure that your practice continues to follow the most current regulations.