Data breaches don't just happen to financial institutions. Healthcare providers, including dentists, are at risk for security and compliance violations.
In this blog, you'll find some steps you can take to prepare for a data breach. But first, let's answer some important questions about data breaches.
What is a Data Breach?
According to Norton, a data breach is "a security incident in which information is accessed without authorization." Most often, data breaches involve personally identifiable information (PII), personal health information (PHI), intellectual property, and trade secrets.
Why Would Hackers Target a Dental Practice?
Hackers often target dental practices and other medical providers because patient records store a wealth of data they can use to commit crimes like identity theft and health insurance fraud. Credit card data theft is also a reality for dental practices that store patient payment information in their system records.
How Dental Practices Can Avoid a Data Breach
The best way to address a data breach is to prevent it before it happens. Here are some ways your dental practice can be proactive about protecting sensitive patient records:
Employ Methods to Protect Data
There are numerous methods used to help protect data from theft across multiple industries, such as:
- Firewall security
- Server monitoring
- Virus protection
- Data encryption
- Annual security risk assessment
Dental practices can work with an experienced IT company to develop a multi-pronged data protection strategy. Your data breach coverage insurance provider may also provide protection strategies and resources.
Discuss what type of hardware and software offers your practice the right protection against hackers, harmful viruses, and other cyber threats. Compare the cost of dealing with a data breach after the fact to the cost of solid security measures and data breach coverage.
Employees should have training on how to protect sensitive patient data.
Ensure they receive proper HIPAA training and understand how to handle patient records and protect patient privacy according to HIPAA guidelines. This includes information in both physical and electronic records. You may also want to consider offering additional training on specific security software systems and email security.
Avoid Storing Credit Card Data
Many hackers are after patient payment information for the purpose of credit card fraud. If you keep credit card data and other payment information on file, you increase the risk of a data breach substantially. Avoid storing credit card data on your servers and instead use a third-party processing system for automatic payments.
Data Breach Coverage
You may not ever be able to completely protect your practice from a data breach. But you can be prepared to fight back quickly and with precision as soon as a breach is discovered. Your dental practice insurance provider may offer data breach coverage as part of your business owner’s protection policy.
Data breach coverage can help to mitigate costs associated with a data breach, including response services and management, public relations, good faith advertising, patient credit monitoring, patient notification services, legal fees and more.
What to Do When a Data Breach Occurs
Even the best defense against a data breach only reduces the risk that one will occur; it can't guarantee that one won't. If your dental practice does experience a breach despite having implemented a data breach protection plan, and data breach coverage is in force, contact the insurance company for direction. Here's what your next steps typically are:
Conduct a Forensic Investigation
Once you've discovered that a data breach has occurred, it's usually important to conduct a forensic investigation to determine how the breach happened and what information could potentially be compromised. You can use this information to tighten security for the future and to quickly notify patients whose personal health information or personally identifiable information may be at risk.
Of course, you may need the help of professionals to conduct a proper investigation. Check with your data breach insurance provider, if you’ve chosen one, to ensure this critical step is part of your policy. Patients may want to know exactly how this happened as well as how you’re planning on preventing it from happening again.
Begin Notifying Patients of the Breach
It's generally important that you notify all of your patients about the security violation, not just those whose information may have been compromised as a result. Review this topic with your data breach insurance company and legal counsel, however. You may want to consider providing your patients with free credit report monitoring for six months or a year following the breach as a courtesy. A credit report monitoring service can alert patients to changes in their credit report immediately, so they can take action to stop fraudulent activity as soon as possible.
Having the right data breach insurance coverage gives you the insurance company's guidance as to what needs to be done. Policies may also include patient notification and credit monitoring as a standard part of the insurance company’s response to a breach.
Publish a Press Release Addressing the Breach
Your dental practice may be required by HIPAA law to publish a press release that informs the public about the breach. While this is probably the last thing you want to do if you've experienced a breach, it may be necessary when you provide healthcare services to patients. For dental practices with data breach coverage, this service is typically included in the management and aftermath of a breach.
In the release, you may need to indicate how the data breach occurred, what information may be compromised, and what steps your practice has taken not only to reduce the impact of the breach but to protect against future security violations.
Own a Dental Practice? Get Data Breach Support
As a dental practice, you may be more at risk for a data breach than you know. You have a duty to protect the sensitive information of your patients to the best of your ability. Not only can your data breach coverage help you lower your risk of experiencing a data breach, it can help you deal with the aftermath of a security violation, and mitigate the costs, if one occurs.
Learn more about your insurance options from our blog.
About Treloar & Heisel
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.
Treloar & Heisel and Treloar & Heisel Risk Management are divisions of Treloar & Heisel, Inc.
Insurance products are offered through Treloar & Heisel, Inc.
Treloar & Heisel, Inc. and its divisions do not offer legal or information technology advice. Please consult a professional concerning these topics.