3 Tips to Help Secure Your Practice From Identity Theft

Posted by Amy Carbone on Mar 16, 2020 9:00:00 AM

Identity theft is on the rise, with a staggering 1 in 15 people becoming the victims of this type of fraud. Here are some ways your dental practice can help protect your patients.

1. Develop a Strategy for Managing Sensitive Information

It's critical that your dental practice be proactive about the development of data security measures. Under HIPAA, a dental practice may be required to take certain actions to protect the Personal Health Information (PHI), Personal Identifying Information (PII) and financial information of its patients.

Consider working with an IT security professional who has specific experience working with dental practices. It's important that you select a security partner who understands the specific needs of the dental industry and how to effectively protect your practice and your patients.

2. Create Acceptable Use Policies within Your Dental Practice

An Acceptable Use Policy (AUP) is a potentially critical document that governs the use of the Internet within your dental practice. It should outline the rights and privileges that staff members have to access the Internet, as well as their responsibilities. This includes browsing behavior, excluded websites, downloading and uploading data, internet searches, and any other online behavior. This policy could also identify examples of prohibited behavior, and detail what consequences will be imposed when AUP guidelines are violated.

3. Take a Multi-Pronged Approach to Securing Your Network

Avoid relying on just one or two security measures to protect your network. Instead, you should have a multi-tiered approach that covers both basic and advanced strategies.


A firewall can help block malicious web traffic, such as hackers and viruses attempting to come into your network. This security device monitors all traffic coming in and out of your network, and blocks certain data packets from entering based on a previously established set of security guidelines. Generally, a firewall is the first line of defense for your dental practice and creates a barrier between suspicious external traffic and your internal office network.

Secure Email

Unfortunately, email is the number one entry point for cyber attackers. Dental practices send a great deal of sensitive health data over email, and when intercepted, this data can be stolen and used for fraudulent purposes. While most email clients offer basic anti-spam security, it's usually not enough to protect against the high-level security risks faced by dental offices. With email threats constantly evolving, it may be critical for dentists develop a robust email security strategy that protects against viruses, phishing attacks, and other serious risks.

Data Encryption

Data encryption is a security tool that encodes information in a way that can only be deciphered or accessed by a user with the proper encryption key. Encrypted data, also called ciphertext, appears scrambled or otherwise unreadable without the key. This deters unauthorized access and tries to make it  as difficult as possible to decrypt and use stolen data. Dental practice owners can use encryption to protect the health and financial data of patients.

Virtual Private Networks (VPNs)

A VPN, or virtual private network, is an encrypted connection between the devices on your network and the Internet. The VPN encrypts outgoing and incoming data so it can be safely transmitted over a secure connection. Using a VPN in your dental practice allows your staff to work remotely with a reduced risk of unauthorized users intercepting transmissions. VPN technology is used by most businesses, particularly in the health care sector to help protect patient data under HIPAA laws.

Secure Text Messaging

Like email, text messaging presents a challenge when patient data is sent via unsecured electronic communications. SMS can be easily intercepted when sent via traditional means, putting sensitive financial and health information at risk. Dental practices should consider using a secure text messaging app to communicate with patients via SMS that offers access and audit controls, transmission security, identification authentication, and integrity controls. Most healthcare SMS applications offer familiar user interfaces and similar functionality.

However, there may still be other restrictions on text messaging patient data. 

Data Loss Prevention

Data loss prevention, or DLP, is a technology that helps prevent end-users from transmitting sensitive or protected data outside of your network. DLP software can also help your practice control what types of data your end-users can transmit. This means that your staff cannot maliciously or accidentally send data that could put your dental practice at risk. 

For example, if a dental associate attempted to forward a patient record via email to someone outside the network or upload it to a cloud storage service, the associate could be denied permission.

4. Offer Your Staff Robust Security and Patient Privacy Training

Data security in a dental practice is far from simple, and there are a multitude of layers to protecting sensitive patient information. Provide your employees with ongoing security training that not only covers the basics of why security is important and what can happen without good security measures in place, but also discusses the specifics. Have learning lunches where employees review the latest phishing scams or hold a monthly seminar that refreshes staff on how they can be increasing the security of patient data.

5. Create a Business Continuity Plan

Unfortunately, even the best prevention tactics aren't 100% foolproof. The risk, although small, still exists and it's important that your dental practice is prepared. A Business Continuity Plan (BCP) identifies what actions need to be taken by whom after a cyber attack where critical data has become compromised. Your BCP could discuss next steps to halt loss, recover data, and maintain functionality. A continuity policy could allow you to both address the loss and continue operations as normal.

6. Add Data Breach Insurance to Your Business Owner’s Protection Policy

In the event of a data breach, this important coverage can help mitigate some of the costs associated with a data breach. Examples of such costs may include credit monitoring, notification services, legal fees, and more. Some policies may include data breach preparedness services and response services and assistance for fast, multi-faceted action both before and after a data breach.

Protect Your Patients — and Your Dental Practice —with Treloar & Heisel

At Treloar & Heisel, we understand the importance of protecting your patients' critical data. We also know that it's equally important to plan for the worst-case scenario. We offer a wide variety of insurance products to dental professionals to help give you peace of mind that your practice is insulated from unpredictable events. Contact us today to learn more, or download your free copy of our eBook, Disability Income Insurance for Dentists here.

Treloar & Heisel and Treloar & Heisel Property and Casualty are divisions of Treloar & Heisel, Inc.

Insurance products offered through Treloar & Heisel and Treloar & Heisel Property and Casualty.

Treloar & Heisel, Inc. and its divisions do not offer legal or IT advice. The above information is intended for general informational purposes only. Please consult a professional concerning these topics.

Topics: Data Breach Coverage