The most important privacy information you need to know

December 12, 2013

Issue 9

As a dental laboratory, you seldom, if ever, are privy to patient telephone numbers, mailing or email addresses, birth dates, Social Security numbers, medical records or data directly identifying individuals’ relatives, employers or household members as part of your dealings with the dental office.

But what you do share in today’s digital age are the patient’s name, photos showing the patient’s full face, and perhaps even insurance numbers where you bill the patient’s plan directly for services rendered. All of these are private aspects and should be carefully protected under your patient confidentiality procedures. There is the real issue of protecting the confidentiality of any doctor-patient information, whether on a legal or moral basis. This is irrespective of whether HIPAA (or other regulations like the Health Information Technology for Economic and Clinical Health Act (HITECH) & HITECH Safe Harbor in the USA or the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada) apply directly.

Some aspects might be considered common sense, such as not including the patient’s name on case shipping labels going back and forth between practice and lab, and ensuring unauthorized individuals cannot view patient information on a computer monitor or have access to the patient record room. Others are perhaps more complex in today’s digital age. Let’s look at one example of how information is shared routinely every day, yet is perhaps more vulnerable than we all realize: email.

More than 50 years ago, dental collaboration meant all parties met in the same room to exchange information. As that information was shared verbally and through hard copy files, patient information was safeguarded. Over time, as new technology was introduced, like telephone, fax and the Internet, the exchange of information became less secure. The Internet has revolutionized dental communication as it offers a visual medium that enables collaboration across great distances. With digital high-resolution imaging, collaboration was, for the first time since in-person meetings, available immediately to all collaborators. Yet, while that collaboration has enabled improvements in results, it often meant risking patient data by sending it through unsecure means like email or online storage sites.

Take a look around your laboratory. How many times each day are photos, impression files, etc. emailed back and forth with the patient’s name (and other details) shared as identifiers of that particular case? It won’t take long before you realize the extent of the information flow, and the potential liabilities that flow with it. Many popular tools like Outlook, Gmail, Dropbox, and other options that are commonly used for patient information sharing are NOT compliant with patient privacy laws.

Today, you should be ready to ensure, and document, that you are compliant with regulations. Consider the following:

•   Access: Who has access? How can you ensure it is limited to only those who need it and should see it?

•   Transmission: Is every transmission of patient information secure? To be compliant, data must be secure and encrypted during the sending and storage of the data.

•   Storage: Can you prove your patients’ data is stored securely?

•   Auditability: Can you track each individual who was able to read, write and delete all patient information?

•   Disposal: Can you ensure sensitive data is disposed of safely when needed? Typical email systems hold and control the disposal of your private information. To be compliant, you must have procedures in place to address the final disposal of data.

Are you liable if this patient information is compromised? The answer to that question is beyond the scope of this article. What is clear is: Why take the chance? There are proven solutions available. At core3dcentres®, we have installed Secure-Mail, a feature of Brightsquid Dental Link, to protect the confidentiality of the information we share with our clients.

Secure-Mail is a HIPAA-compliant messaging system designed to enable dentists, specialists and labs to easily and safely share private patient information. Secure-Mail works just like the email tools you are used to, with an important distinction: all your communications will meet compliance standards. And, you can securely send multiple high-resolution photos with every message (attach 500MB to every message).

When protecting the privacy of patient information, the choice is yours. Unfortunately, the long-term ramifications of not doing so properly may not be.

For more information on Secure-Mail, and to have your Patient Information Privacy questions answered by people that have an in-depth understanding and experience with the issue and its resolution, call Brightsquid at 800-238-6503 or visit brightsquid.com.