Dental offices continue to become more reliant on digital technology. From storing patient records to emailing and transmitting documents such as x-rays, you are responsible for ensuring HIPAA compliance. Maintaining proper procedures for handling protected health information (PHI) ensures that your patients’ privacy remains secure and that you avoid potentially costly fines for a violation. Here are four areas to consider when complying with the HIPAA Security Rule and Privacy Rule.
Don’t send PHI through unsecured email.
Standard email isn’t considered secure. This means that once it leaves your computer and travels through the internet, it could be intercepted by a third party. Most dental practices use email such as Outlook, Hotmail, Gmail, Yahoo or the email provided by their domain hosting company, and some are able to send through their practice management software. None of these standard email clients meets secure encryption standards. While truly encrypted email isn’t as user-friendly as standard email, it remains the only HIPAA-compliant option for emailing PHI.
Use data encryption for computers, laptops, servers and removable drives whenever possible.
The vendor that handles your patient management software will be able to tell you whether your data is encrypted, or provide solutions if it isn’t. Encryption is considered an “addressable specification” under the HIPAA Security Rule. This means that while encryption isn’t directly required, it is suggested as a way to protect patient data and to create a more manageable situation should your computer hardware ever be stolen. The California Dental Association has published an excellent article regarding computer theft and encryption.
Ensure that your HIPAA Privacy Policies are up to date on your website.
In September of 2013, new HIPAA standards became effective. As a result, the Privacy Statement on your website should be up to date and reflect these changes. If you’re a Smile Savvy customer, simply email us your new HIPAA forms for placement on your website. You can send updated forms through the website changes link found on the homepage of our website.
We encourage you to contact your HIPAA advisor, your dental software company, or the AAPD or ADA for a recommendation on HIPAA compliance and best practices. Additionally, you can learn more about the 2013 changes to HIPAA by visiting the ADA website.