As Dr. Lorne Lavine points out in his Modern Dental Network article, there are 5 common HIPAA compliance mistakes many practitioners make that can easily be avoided. Here they are, with our own twist as they pertain to today's dental practices.
- Not Encrypting Data - This is usually handled by the major software vendors like Dentrix and Eaglesoft, but not always. You should ask your vendor this question if you are not sure. Also of note: encryption while the file is at rest is one thing; encryption while it is in transit (such as moving between a computer and a server) is quite another. Again, most software vendors will handle this for you, but it's good to confirm that it is being done.
- Not Backing Up Patient Data Regularly - Even if you have a backup system in place, how do you really know it's working? When was the last time an attempt was made to restore any data? Backing up is not the only concern; verifying that you can restore the data when you need it is crucial.
- Sending Patient Information through Email - If I had a nickel for every time I've seen this, well... I'd be writing this blog article from Aruba instead of my office. Some practices try to avoid this by putting an employee policy in place restricting this from being done. While that might provide some liability assurance, it doesn't really work. Email encryption mechanisms have come way down in price and are affordable for even the smallest practices, so there really is no reason to worry about it. Just encrypt it if you are going to use email that way.
- Using file sharing applications like Box, Dropbox, etc. - A lot of these services are now claiming compliance, and I suppose the validity of those claims could be debated ad nauseam. Where compliance is concerned, it's important to show due diligence. Basically, take simple steps towards compliance each year. You'll get there eventually, as long as you keep working at it and reduce your risk of a breach.
- Not Restricting Access to Patient Information - This one can be a little tricky, as most clinical people move from one exam room or operatory to another. There are some feasible tips to help with this, such as ensuring that the computer is locked before you leave the room and putting in screen timeouts so that the screen goes black when not in use.