There is an increasing awareness of privacy issues when sharing patient records between specialists, dentists, and labs. Multiple regulations, including HIPAA, HITECH, and their Canadian equivalent PIPEDA, as well as professional dental bodies, have established very specific guidelines for the handling of patient information. Although the concept of keeping patient information private is not new, the amount of information being transmitted electronically from one office to another is at an all-time high. Electronic transmission of patient information, while clearly valuable, creates multiple opportunities for the potential loss of that data. But keeping your practice compliant does NOT have to be overwhelming: new innovations, developed in response to these challenges, make compliance more convenient than traditional methods of sharing information.
Why compliance is important
Doctor-patient confidentiality is at the heart of the trusted relationship. It is doubtful that any practitioner would need to be convinced to keep these relationships private and all patient information tightly held. As electronic transmission has replaced traditional methods of information transfer, new regulations have set standards for electronic information security that extend doctor-patient confidentiality into the electronic world.
Ignorance of the law is no defense. In fact, fines have been levied against small organizations for not taking steps to protect electronic patient files during their storage and transmission to colleagues. In the U.S., the Office of Civil Rights (OCR) has recently made HIPAA violations a priority, and it hired KPMG to audit organizations regarding HIPAA violations. While it’s easy to think that a random audit will never happen to your practice, a patient complaint can trigger a review of your practice. In Canada, one such patient complaint led to a significant fine to the practitioner, and a sanction that prevented the professional from practicing for 10 days.
Email is NOT compliant
A significant and recurring violation occurs through the transmission of Protected Health Information (PHI) via email. Almost without exception, Outlook, Apple Mail, Gmail, or Hotmail are not compliant with HIPAA, HITECH, or PIPEDA regulations. Further, online storage sites such as Dropbox or Skydrive are no better since they do not comply with HIPAA standards.
Why are they not compliant? Even if your computer is secure, your message passes through dozens of unknown servers en route to its destination, with these “middle-man” servers making up the backbone of the Internet and email systems. Apart from there being a security issue, privacy legislation also requires the ability to audit systems for a detailed log of who was able to view PHI, complete with times and dates.
Email is NOT convenient
Besides a lack of security, email systems do not typically meet the needs of the dental practice to transmit files between practices, or between a practice and lab. High-resolution digital images, 3-D STL imagery, and DICOM studies are difficult or impossible to send because most email servers limit attachment sizes to 15MB to 20MB. This means dental professionals and labs may need to send or receive multiple emails per patient file, if they can be sent at all. While systems that enable large-file storage such as Dropbox provide an alternative for transmitting large files, these files are stored insecurely in an unorganized manner. That is, there is usually little referential information included with the file, making long-term storage, retrieval, and management very difficult.
Compliance made convenient
With new technology that simplifies the communication process, sending PHI to colleagues securely and in compliance can also be convenient, because the same system enables the transmission of the larger files required in dentistry. Secure-Mail™ enables dentists, specialists, and labs to easily and safely share private patient information, and is compliant with HIPAA, HITECH, and PIPEDA laws.
Exclusively available through Brightsquid Dental Link, Secure-Mail works just like email with an important distinction — all communication meets compliance standards. You can easily send protected health information to your colleagues in a trusted and compliant manner through Brightsquid’s secure messaging platform. Simply compose, attach, and send.
In addition to ensuring compliant communication, Secure-Mail is more convenient, enabling users to attach up to 500MB per message and send entire patient files to colleagues in a single message. You can also view and annotate attachments right in Brightsquid’s multiple image viewers (3-D STL, DICOM, JPEG, etc.), available in the Brightsquid Dental Link Image Studio. Secure-Mail works with your existing email address, directly sending you notifications when you receive a new message or update. Simply click on the link in your traditional email to be taken to the Secure-Mail message.
Brightsquid Dental Link already has over 1,400 users in seven countries using Secure-Mail to safely share PHI. Secure-Mail meets or exceeds privacy laws and regulations set out in HIPAA, HITECH, and PIPEDA, and the product was built specifically to address the necessary safeguards and requirements.