With the risk of a cyber security breach increasing on a daily basis, below are some tips that will help a dental practice owner maintain the security that they need in order to protect patient information.
Plan for the Unexpected
- Create data backups regularly and reliably.
- Begin backing up data from day one of a new year.
- Ensure that the data is being captured correctly.
- Ensure that the data can be quickly and accurately restored.
- Use an automated backup system, if possible.
- Consider storing the backup far away from the main system.
- Protect backup media with the same type of access controls.
- Test backup media regularly for their ability to restore data properly, especially as the backups age.
- Have a sound recovery plan that documents:
  - What data was backed up (e.g., databases, PDFs, TIFFs, docs)
  - When the backups were done (timeframe and frequency)
  - Where the backups are stored
  - What types of equipment are needed to restore them
- Keep the recovery plan securely at a remote location where someone has a responsibility for producing it in the event of an emergency.
Control Access to Protected Health Information
- Configure your Electronic Health Record (EHR) System to grant Protected Health Information (PHI) access to only people with a "need to know."
  - This access control system might be part of an operating system (e.g., Windows), or built into a particular application (e.g., an e-prescribing module), or both.
- Manually set file access permissions using an access control list.
  - This can only be done by someone with authorized rights to the system.
  - Prior to setting these permissions, identify which files should be accessible to which staff members.
- Configure role-based access control as needed.
  - In role-based access, a staff member's role within the practice determines what information may be accessed.
  - Assign staff to the correct roles and then set the access permissions for each role correctly, on a need-to-know basis.
Hopefully, this information will provide some simple security tips in order to prevent a HIPAA violation and/or security breach which can devastate a practice.
Stuart J. Oberman, Esq. handles a wide range of legal issues for the dental profession, including: employment law, cyber security breaches, practice sales, real estate transactions, lease agreements, OSHA compliance, dental board complaints, and professional corporations.
For questions or comments regarding this article, please call 97700 554-1400 or visit www.obermanlaw.com.
If you would like Stuart J. Oberman, Esq. to speak at an event, please contact Arielle Horner, Marketing Coordinator (arielle@obermanlaw.com).