Top 3 HIPAA compliance best practices for dentists
It's not just big companies. Small businesses, such as dental practices, with lower security measures can be prime targets for cyber-theft. HIPAA is extra important today.
Is your sensitive patient information safe? In 2017, 477 health-care organizations were victims of a breach. In total, 5.58 million patient records were affected.(1) Unfortunately, hackers don’t target just large organizations. Small businesses with lower security measures can also be prime targets for cyber-theft.
Protecting your patients’ protected health information is enough of a reason to follow HIPAA compliance best practices, but it isn’t the only reason. Failure to comply with HIPAA regulations could result in hefty penalties.
Also, compliance is not enough. Even if you’ve never had an issue maintaining HIPAA compliance, it’s worth reviewing these best practices. Improving the processes you use to stay HIPAA-compliant could save you time and money and make your dental practice more efficient.
1. Understand HIPAA compliance regulations
Understanding all the vague HIPAA compliance regulations can be a challenge. Before you can make any real changes to your dental practice, you need to have a full understanding of which regulations apply to you and how best to comply with them. Here are some resources available to you.
● The ADA offers a number of guides and resources in their ADA Practice Resource Center that walks dentists through the various HIPAA privacy and security regulations that specifically pertain to dentists.
● DentistryIQ offers several tips for staying current on HIPAA regulations, such as this downloadable HIPAA authorization records release form.
● Ask third-party vendors for guidance on how HIPAA applies to their solution. For example, a HIPAA compliant phone system should explain which HIPAA regulations apply to phone communications.
2. Create compliance policies and educate your staff
Creating clear compliance protocols and educating your employees is the best way to make sure your patient information is safe. Compliance policies should be easy to follow and be built into the existing workflows of your practice. Requiring your dental staff to input information multiple times or use an unnecessary number of software solutions will make it less likely that they’re willing to follow your standards. HIPAA compliance policies should:
● be clearly written out and available to all employees,
● become an integral part of new-employee training and be reviewed periodically by regular employees,
● include a breakdown of the responsibilities of each staff member and task,
● underline the importance of protecting patient health information so employees know the reason for the policies, and
● outline what to do in the event of a security breach.
Employee errors can be a major cause of data breaches. While having your security protocols clearly documented is a good first step, this should not be the only step taken to educate your employees on HIPAA best practices.
Schedule regular training sessions to go over your security processes and look for ways to improve. You should also look for vendors that are able to provide support for their software to make it easier to maintain compliance when your employees are working in third-party solutions.
3. Use HIPAA-compliant third-party solutions
We’ve discussed the use of third-party solutions because it’s a necessary part of maintaining HIPAA compliance in a way that helps make your practice more efficient. Using the wrong solutions can be extremely risky to your organization and your patients’ PHI. According to Ponemon,(2) 56% of organizations experienced a data breach caused by a third-party vendor.
It is extremely important to choose vendors that you can trust. When evaluating vendors, there are a number of criteria you should consider.
● Does the vendor solve the problem? Does the solution work within your existing workflow? These questions pertain less to compliance and more to whether or not the solution is even worth considering for your practice.
● Does the vendor have specific knowledge of HIPAA compliance for dental practices? Look for a vendor that puts a high priority on compliance.
● What security protocols does the business have in place to protect client information? Make sure the likelihood of a breach of their information—and by extension, yours—is unlikely. Vendors should be transparent about their security and be willing to offer business associate agreement (BAA).
● How is the vendor’s staff educated on security protocols? Just like your staff, make sure your third-party solution’ staff is certified regularly and goes through education and training.
It seems like we hear about a new data breach every day (and it does happen that often). This doesn’t mean your patients’ health information should be at risk. It also doesn’t mean your dental practice should slow down to maintain compliance. By implementing the right procedures and using the right third-party solutions, you can improve security and increase the efficiency of your practice.
For the most current practice management headlines, click here.
For the most current dental headlines, click here.
1. Protenus. 2017 Breach Barometer Annual Report. 2017:3. Available at https://www.protenus.com/2017-breach-barometer-annual-report.
2. Ponemon Institute. Data Risk in the Third-Party Ecosystem: Second Annual Study. 2017:5. Available at https://www.opus.com/ponemon/.