Complying with HIPAA laws may sometimes seem like a challenge for your dental practice, but these guidelines are crucial to help protect your patients. Here's why.
HIPAA Guidelines for Dental Practices
HIPAA laws could apply to dental services that may issue eligibility requests, pre-determinations, claims, claim status inquiries, and treatment authorization requests electronically. Additionally, dental practices may be required to advise all employees on how to safeguard, use, and disclose the personal health information (PHI) of dental patients to third-party suppliers, business associates, and patient family members.
Facts About Security Preparedness and Data Privacy
The statistics surrounding data security in the healthcare industry are staggering:
- In 2016, data breaches cost the healthcare industry a whopping $6.2 billion.
- Half of all data breaches in healthcare are caused by criminal activity.
- The other half of data breaches in healthcare are caused by third-party issues or employee mistakes.
- 78% of healthcare employees do not have enough training in data privacy and security preparedness.
- One-third of healthcare employees took unnecessary risks when faced with situations that could give unauthorized parties access to the office.
- 18% of healthcare workers took risk when dealing with cloud computing scenarios. Only 11% of the general population took those same risks.
- 26% of healthcare workers used a public, unsecured WiFi network to complete work-related tasks.
- Doctors were three times less likely to accurately identify a phishing email than non-physician staff.
The fact is, healthcare workers are drastically undereducated about how to handle sensitive data and the personal health information of patients. This includes dentists, hygienists, dental assistants, dental laboratory assistants, and other key dental staff. These numbers clearly illustrate the need for dental practices to address the issue of data security within their offices.
The Impact of Mismanaged Health Information in a Dental Office
When sensitive data is mismanaged in a dental office, it can leave patients vulnerable. Depending on what information was compromised, a data breach can result in patients becoming the victims of fraud, unwanted contact or harassment, or medical record errors. Or, people may gain access to the personal health information of others that harms relationships and careers.
The exposure of sensitive information may at best embarrass or upset patients, but their reputation may also be damaged, potentially resulting in fallout in nearly every area of life. Or worse, patients may lose their savings or have their credit destroyed if they become victims of fraud.
The Aetna Case
In 2017, popular insurance company Aetna accidentally revealed the HIV status of about 12,000 people. The company sent out letters to inform patients that they would now be allowed to fill their HIV medication at a local pharmacy after lawsuits against Aetna in 2014 and 2015 alleged that requiring patients to use a mail-order pharmacy denied them the right to consult in-person with a pharmacist about their HIV medication.
Unfortunately, these letters displayed the fact that they were taking HIV drugs for treatment or pre-exposure prophylaxis through the clear window of the envelope. Patients reported that due to the stigma that still surrounds HIV, having their status revealed to the public in such a tangible way caused significant financial and emotional damages. In early 2018, Aetna settled for $17 million.
Why HIPAA Laws Are Crucial for Dental Practices to Follow
Dental practices take in a great deal of personal information from patients, including full names, social security numbers, insurance policy ID numbers, and credit card information. This data can be used to commit financial fraud, identity theft, or insurance fraud. Additionally, genetic and biometric information is also contained in electronic health records, which if accessed by unauthorized parties, can be used to defraud or otherwise harm the patient. HIPAA laws intend to keep the sensitive personal health information (PHI) of patients from being accessed by anyone who doesn't explicitly need or have rights to.
How to Educate Your Dental Practice Staff on HIPAA Laws
There are several ways you can educate your dental practice staff about HIPAA laws:
- Train new hires thoroughly on HIPAA practices, highlighting any that particularly pertain to the dental industry and your practice specifically.
- Evaluate current staff on their HIPAA knowledge and bring staff up to speed with expanded education as necessary.
- Hold regular training sessions for dental assistants, lab technicians, hygienists, and administrative staff where you can refresh their knowledge, teach new concepts, and get feedback.
- Create processes within your practice that help protect your patients' information, such as requiring employees to change their login passwords every month or encrypting emails.
- Send memos, reminder emails, and post information about HIPAA laws in your office, particularly if and when any guidelines or processes need to change.
HIPAA guidelines are essential for all types of dental practices, from general dentistry to oral surgery. Make sure your staff fully understand why HIPAA is important, what HIPAA is designed to do, and how your dental practice can best facilitate the protection of personal health information with their help.
About Treloar & Heisel
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.
Treloar & Heisel and Treloar & Heisel Risk Management are divisions of Treloar & Heisel, Inc.
Insurance products are offered through Treloar & Heisel, Inc.
Treloar & Heisel, Inc. and its divisions do not offer data security or legal advice. Please consult a professional concerning these topics.