Posted by Amy Carbone on Jun 11, 2019 9:30:00 AM
Today, patients may have to trust their dental professionals more than ever before. Beyond their health and safety, modern patients are also being asked to trust their dentists with their valuable personal, financial and medical information.
Dental school may provide you with extensive training in ways to keep your patients safe and healthy, but what about keeping their data safe? Preventing patients’ private information from getting into the wrong hands isn’t always easy.
According to a study published in the Journal of the American Medical Association in 2018, the digitization of medical records may be leading to an uptick in medical data breaches. Healthcare providers, including dentists, were the most common entity breached, with 37.1 million records breached from 2010 through 2017 according to the U.S. Health and Human Services Office for Civil Rights breach database.
A 2015 article on the subject by the California Dental Association reports that, according to the U.S. Department for Health and Human Services’ Office for Civil Rights, the data breaches of dental practices are slightly larger than those of medical practices, affecting an average of 4,707 patients per practice. The Ponemon Institute estimates the average dental practice breach to cost between $100,000 and more than $1 million.
Protecting your patient data and avoiding becoming a part of these staggering recent statistics is a responsibility you now face. Providers everywhere may want to take preventative steps before a breach costs them, their practice and their patients.
These five strategies are one way to begin assessing your risk and taking steps toward a more secure practice.
1. Conduct a HIPAA Security Risk Assessment
The Health Insurance Portability and Accountability Act (HIPAA) and the Centers for Medicare and Medicaid Service Electronic Health Record Incentive Program require healthcare providers to assess their electronic security risks as a regular part of compliance. In order to make this task easier, they provide medical and dental practices with a downloadable Security Risk Assessment Tool.
Medium and small practices can use the tool to create a risk assessment report outlining risks, challenges, and opportunities for improvement in their data security strategy. For further guidance on security regulation compliance, HIPAA offers many more resources for dental care providers, including an electronic security toolkit app.
2. Train Your Staff in Best Practices
Consider conducting a regular review and training of data security best practices with your entire staff. After all, even a minor mistake, such as a tablet left unattended in a clinical area, could put your entire system at risk for a breach and cost thousands.
Training resources are typically available from a variety of sources including your data breach security policy provider. HIPAA provides a comprehensive library of training materials and resources on their organization’s privacy and security rules. Their materials include a 61-page guide for healthcare providers, educational videos, privacy practices templates, sample contract provisions, certified software lists and more.
3. Take a Cyber Security Challenge
Consider taking on the lighthearted challenge of a virtual cyber security game made specifically for training healthcare providers and their staff by the Office of the National Coordinator for Health Information Technology. Players answer multiple choice questions about situations involving electronic security and patient information privacy.
The game covers best practices ranging from working remotely using laptops with encrypted information to transferring patient information via USB drive and more. At the end of each round, the training module provides written feedback and summaries of best practices covered.
4. Password Manager Tools
If your practice isn’t already using a password manager tool, consider starting. Password managers are simple tools that work as browser add-ons, using complex passwords to protect your information on any site you choose.
Instead of having to remember those complex individual passwords, the password manager tool stores all of your other login information. These tools prevent easy-to-guess passwords and/or a single password from being used to protect sensitive data.
According to a 2017 article by Consumer Reports, this simple change may be one of the top safety practices recommended by security advisors for consumers and businesses alike.
There are several options for free or low-cost password managers. Once you choose one, you may need to set aside some time to add each of your logins to the password manager. After it’s been set up, the password manager works seamlessly with your browser to automatically enter the correct passwords on any website you’re logging into. If you ever decide to stop using the tool, most password managers include an export option for making the transition easier.
5. Get Data Breach Coverage
Talk to your practice insurance advisor about data breach security as an addition to your business owner’s protection policy.
Data breach coverage may include training materials and resources to help you and your staff protect patient data. Then, in the case of an actual breach, policies typically provide the comprehensive response required by HIPAA compliance including professional response services to manage the incident.
Other benefits of data breach coverage may include post-breach credit monitoring for your patients, reputation management, security consultants, litigation defense funds, settlement costs and more.
Learn more about data breach coverage and options to help protect your practice from the Treloar & Heisel team.
About Treloar & Heisel
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.
Treloar & Heisel and Treloar & Heisel Risk Management are divisions of Treloar & Heisel, LLC.
Insurance products offered through Treloar & Heisel, LLC.
Treloar & Heisel, LLC. and its divisions do not offer legal or IT advice. Please consult a professional concerning these topics.
