• Best Practices New Normal
  • Digital Dentistry
  • Data Security
  • Implants
  • Catapult Education
  • COVID-19
  • Digital Imaging
  • Laser Dentistry
  • Restorative Dentistry
  • Cosmetic Dentistry
  • Periodontics
  • Oral Care
  • Evaluating Dental Materials
  • Cement and Adhesives
  • Equipment & Supplies
  • Ergonomics
  • Products
  • Dentures
  • Infection Control
  • Orthodontics
  • Technology
  • Techniques
  • Materials
  • Emerging Research
  • Pediatric Dentistry
  • Endodontics
  • Oral-Systemic Health

Top 5 Things You Must Do to Get HIPAA Compliant

Publication
Article
Dental Products ReportDental Products Report December 2019
Volume 53
Issue 12

It’s impossible for any health care provider to be 100 percent HIPAA compliant but you still need to make a good faith effort. Here are the top five things you can do right now.

As dental offices put more and more of their patient data into a digital format, it’s critical that they do everything in their power to protect and secure that data. HIPAA laws are based on this premise-that patients entrust us with their most personal information, with the expectation that we will do our best to prevent that info from falling into the wrong hands.

It’s impossible for any health care provider to be 100 percent HIPAA compliant because there are literally hundreds of pages of rules and regulations. However, you still need to make a good faith effort to be as up to date as you can. Here are the top five things you can do right now.

1. Risk Assessment and Management Plan


If a new patient shows up to your office, you don’t just start to treat them. You do your diagnosis first-X-rays, restorative charting, periodontal probing, etc. Then, based on your findings, you create a treatment plan before beginning treatment. HIPAA is the same way.

How can you know where your practice isn’t meeting HIPAA requirements unless you look? Proper risk assessment must include a full evaluation of your IT systems, your existing policies and procedures, a site survey, vulnerability testing, the list goes on and on. If done properly, it should then generate a plan of action so you can keep on track to address the deficiencies that are found during the risk assessment.

2. Backup and Disaster Recovery


While backup is obviously critical even in the absence of HIPAA rules, there are multiple laws that relate to the backup, such as an offsite location, testing and verifying on a regular basis, and using encryption.

I’m a huge fan of cloud backup-it allows you to get the data offsite without any human intervention and you can easily monitor those backups. The problem is if you had to restore from that backup, it could take days depending on the size of your backup and internet speed. So, I always suggest a local backup as well. I recommend a disk image, it’s basically an exact replica of the entire server that you can store on a local device. That way, if your main server goes down, you fire up that copy of the server and you’re up and running in a matter of minutes.

Continue reading on the next page...

 

3. Anti-malware and Firewalls

It’s important that you do what you can to keep the bad people out and the important data in (that’s what a firewall does). But you should also have protection in place in case some malware does make it through. While having decent antivirus software is important, protection against ransomware is far more critical. Ransomware locks your files and requires you to pay a ransom- which can be many thousands of dollars-to get the unlock key. Adding insult to injury, Health and Human Services has determined that if you are hit with ransomware, you have suffered a Breach and must notify all patients in writing as well as the local news media.

4. Patch Management

Many of you have likely been told by your IT people that you must replace any computers running Server 2008 or Windows 7. This is because Microsoft is ending support for these operating systems. An unpatched operating system is a huge risk, so offices need to either upgrade or replace their systems as soon as possible. You still have many software programs besides Windows that you use, which must also be patched. Many IT companies offer what is often called “managed services”, which is just a fancy way of saying automated software that does the heavy lifting for us.

5. Encryption

While encryption is an “addressable” HIPAA item, it still makes sense for all offices to encrypt their data. Any breach of your data would not need to be reported if you can establish that the data was encrypted before the breach occurred. The good news is any Windows Server version from 2012 or newer, and Windows 10, all have a free, built-in encryption module called Bitlocker, so you don’t have to go out and buy a separate program.
It’s critical to protect your patients as well as your practice. Any office that does these five steps will be well on its way to becoming more HIPAA compliant.  



 

Download Issue PDF
Articles in this issue
Top 5 Dental Specialty Products
Top 5 Dental Specialty Products
Top 5 Techniques
Top 5 Techniques
Top 10 DPM Articles of 2019
Top 10 DPM Articles of 2019
Top 5 Editor’s Choice Products
Top 5 Editor’s Choice Products
Top 10 Restorative Products
Top 10 Restorative Products
Top 10 Modern Hygienist Articles
Top 10 Modern Hygienist Articles
Top 5 Test Drives of 2019
Top 5 Test Drives of 2019
Top 10 Technology Products
Top 10 Technology Products
Top 5 Dental Equipment and Supplies
Top 5 Dental Equipment and Supplies
Top 10 Game Changers
Top 10 Game Changers
Top 5 Home Care Products
Top 5 Home Care Products
Top 5 Things You Must Do to Get HIPAA Compliant
Top 5 Things You Must Do to Get HIPAA Compliant
Top 5 Podcasts of 2019
Top 5 Podcasts of 2019
2019 By the Numbers
2019 By the Numbers
Top 10 DPR Articles
Top 10 DPR Articles
Related Videos
Mastermind Quick Tips: Cybersecurity
Mastermind - Episode 17 - Strengthening Cybersecurity in the Dental Practice
ADA SmileCon 2021 - Interview with PlanetDDS Vice President of Sales Mike Huffaker
Exploring Artificial Intelligence in Dentistry with Overjet AI
A digital dental transformation: A conversation with Mike Uretz about the future of dental software.
Related Content
RevenueWell Launches Insurance Verification Tool. Image credit: © RevenueWell

RevenueWell Launches Insurance Verification Tool

April 11th 2024
Article

This new tool from RevenueWell pulls accurate data to streamline dental insurance verification processes.

Carestream Dental Launches Rx Manager for Sensei. Image credit: © Carestream Dental

Carestream Dental Launches Rx Manager for Sensei

March 13th 2024
Article

This cloud-based prescription management platform from Carestream Dental features advanced features and robust cybersecurity measures.

Top 4 Things You Must do to Become HIPAA Compliant. Image credit: © ZimmyTWS - stock.adobe.com

Top 4 Things You Must Do to Become HIPAA Compliant

November 1st 2023
Article

Use these key steps to keep your dental practice on the right side of patient privacy requirements.

The 3 Critical Components of Effective Cybersecurity - image of lock on circuitboard background | Image Credit: kras99 / stock.adobe.com

The 3 Critical Components of Effective Cybersecurity

October 1st 2023
Article

Providing your dental practice with adequate cybersecurity measures requires blocking malware from systems, addressing any malware that does get through, and preparing to recover from a data breach.

Why Cybersecurity Matters. Image courtesy of arthead/stock.adobe.com.

Why Cybersecurity Matters

March 1st 2023
Article

Dental practices must stay on top of the best cybersecurity practices to keep private, important patient information safe and secure.

An Ounce of Prevention. Image courtesy of kras99/stock.adobe.com

An Ounce of Prevention

January 1st 2023
Article

The best way to protect against ransomware, viruses, and other dangerous malware is to buff up preventive measures so there’s zero chance of endangering your dental practice.

© 2024 MJH Life Sciences

All rights reserved.