According to a study published in the Journal of the American Medical Association in 2018, it seems like digitizing medical records might be causing more medical data breaches. Even dentists, among other healthcare providers, experienced breaches with a whopping 37.1 million records compromised from 2010 to 2017, as indicated by the U.S. Health and Human Services Office for Civil Rights breach database.
A 2015 article from the California Dental Association suggests that dental practices actually face slightly bigger breaches compared to medical practices. On average, about 4,707 patients are affected per dental practice, according to the U.S. Department for Health and Human Services Office for Civil Rights. The Ponemon Institute estimates that dental practice breaches could cost anywhere from $100,000 to over $1 million.
It's now your responsibility to protect your patient information and avoid adding to these alarming statistics. Providers all around should consider taking proactive measures to prevent breaches that could end up costing them, their practices, and their patients.
These five strategies are a good starting point to evaluate the risk of dental offices and work towards a more secure practice.
#1 Improving the Qualifications of Employees
You should consider conducting regular reviews and training sessions with your entire staff to ensure data security best practices are followed. Even a minor mistake, like leaving a tablet unattended in a clinical area, can pose a risk of breaching your entire system and incurring significant costs. Training resources for data breach security policies are typically available from various sources, including providers of HIPAA. HIPAA offers a comprehensive library of training materials and resources on privacy and security rules. Their materials include a 61-page guide for healthcare providers, educational videos, privacy practice templates, sample contract provisions, and certified software lists, among others.
#2 Pass the Test
Why not try out the fun virtual cyber security game tailored for healthcare providers and their staff, created by the Office of the National Coordinator for Health Information Technology? You'll be faced with multiple-choice questions that test your knowledge of electronic security and patient information privacy.
The game covers a wide range of best practices, including working remotely with encrypted laptops, transferring patient information using USB drives, and more. After each round, the training module offers written feedback and summaries of the best practices covered. For example, do you know why VPN apps are important? Hint, you need to download VeePN to secure your connections and data, but that's not all. Give it a go and enhance your skills!
#3 Consider the Insurance Possibility
Discuss with your practice insurance advisor regarding the addition of data breach security to your business owner's protection policy. Data breach coverage often includes training resources to assist you and your staff in safeguarding patient data. In the event of an actual breach, these policies typically offer comprehensive response services to ensure compliance with HIPAA requirements, including professional response management. Additionally, data breach coverage may provide post-breach credit monitoring for your patients, reputation management, security consultants, litigation defense funds, settlement costs, and many more benefits.
#4 Wise Password Management
If your practice doesn't already utilize a password manager tool, you might want to consider starting. Password managers are simple tools that function as browser add-ons, employing complex passwords to safeguard your information on any chosen site. Rather than having to memorize those intricate individual passwords, the password manager tool stores all your other login information. These tools prevent the use of easy-to-guess passwords or a single password to protect sensitive data. As indicated by a 2017 article from Consumer Reports, this straightforward change may be one of the top safety practices recommended by security advisors, both for consumers and businesses alike. There are various options available for free or affordable password managers. Once you pick one, you may need to allocate some time to add each of your logins to the password manager. Once it's all setup, the password manager works seamlessly with your browser, automatically entering the correct passwords on any website you log into. If you ever decide to stop using the tool, most password managers include an export option to simplify the transition.
#5 Conduct a HIPAA Security Risk Assessment
The Health Insurance Portability and Accountability Act (HIPAA) and the Centers for Medicare and Medicaid Service Electronic Health Record Incentive Program require healthcare providers to regularly assess their electronic security risks to stay compliant. They provide medical and dental practices with a downloadable Security Risk Assessment Tool to make this task easier. Medium and small practices can use the tool to generate a risk assessment report that identifies risks, challenges, and opportunities for enhancing their data security strategy. For additional guidance on complying with security regulations, HIPAA offers dental care providers numerous resources, including an app called the electronic security toolkit.
Conclusion
It's important for every dental clinic to include proper data destruction in their information management process. This not only ensures the safety of your patients but also upholds the integrity of your practice.