When we speak to dental practice owners about their patient records, they usually say the same thing: "We are secure and HIPAA compliant." After a short conversation, we usually find the same common holes in their systems. It seems many practices have the same mentality when it comes to data backup and security. Most of the time this works…until it doesn't. For those unfortunate few, this can lead to a fine of up to $1.5 million. Few practices can survive that. Because most practices are in jeopardy, there is a sense of security in knowing that you're at risk but not alone. In aviation this is known as the ‘big sky’ defense. This is the term some pilots use to calm nerves about mid-air collisions when flying in airspace that is not monitored by air traffic control. The thought is that it’s a big sky, so it’s unlikely someone will hit us. That’s not exactly the most comforting thought when you’re 20,000 ft up. Luckily for us, most commercial traffic is closely monitored and multiple systems are in place to protect us when we fly.
Some managers say “Our office uses paper documentation, so we are okay.” Sadly, in the event of theft, or a tornado, fire, or flood, you are still responsible for the paper documentation and any potential breach of information.
Another common theme: “Our office has in-house servers and our data is secured.” Unfortunately, in-house servers require up-to-date anti-virus protection and robust data backup. When done right, these servers cost thousands of dollars to keep current and online. (As you may know, anyone who is still using Windows XP is vulnerable.) Additionally, most data backup systems are cumbersome and some are woefully inadequate. Have you ever restored the backup? Assuming that the backup will work is a common and fatal mistake. In reality, it is unfortunately not guaranteed to work.
Many busy dental practices are relying on this ‘big sky defense’ to protect themselves from a HIPAA violation or a security breach. We commonly hear that managers prefer paper or in-office electronic storage (an office server) to any sort of online storage system. The thought is that the records in the office are secure and records out there on the web can be hacked. The fact is the exact opposite! The potential for a security breach is much higher with existing systems such as paper and in-house servers.
Those unfortunate few who have a security breach from theft or accident can be liable for civil and criminal penalties. Many practices cannot survive the penalties, fines, and the potential cost from a damaged reputation.
Just the facts:
In HIPAA breach cases reported in 2014, paper documentation was found to be the most vulnerable and was involved in almost 22% of breach cases, 50% of these from theft and loss.
In-house servers, laptops, and desktops were an even bigger threat and were involved in 50% of breaches; theft cases are 72%.
A few common themes:
“On-premise system servers (managed by Contractor) hacked”
“Backups of on-premise system were stolen from home”
“Portable hard-drive was left inside a van. Van was then stolen”
“Laptop or server stolen from the office”
The chances of a data breach are small, but the financial risks are very large. Paper and in-house storage systems are at higher risk, and that risk can be addressed today by implementing cloud-based solutions.
The medical community has been struggling with this same issue for many years. Patient records have been liberated by cloud-based solution providers like AthenaHealth, Practice Fusion, Cerner, etc., and these solutions have a good track record. HIPAA violations aren't happening in the cloud; they’re happening in the practice, cars, homes, etc.
These cloud-based solutions are not only built by experts but also managed by experts. The cloud solution provider has expertise and resources not available to many small practices.
Contact us at tab32.com to learn how you can address this issue at almost no additional cost! In fact, chances are that what you’re doing now is not only inferior, it’s also more costly.
Kiltesh Patel, MS, MBA, has 15 years of experience in enterprise technologies and bio-medical informatics. He is a subject matter expert in developing and implementing key data management strategies. He has led several large-scale open and closed source technology projects.
Our purpose is to promote awareness of legal issues that may affect dentists and dental practices. This document is not intended to provide either legal or professional advice, and cannot address every federal, state, and local law that could affect a dentist or dental practice. Because the law varies from jurisdiction to jurisdiction, and sometimes changes more rapidly than these materials, we make no representations or warranties of any kind about the completeness, accuracy, or any other quality of the information in the above piece.