In previous articles in this series, we have explored some of the HIPAA rules and regulations that affect the everyday lives of dental practitioners.
As most dentists are aware, the data that resides in your office is the most critical data you own: the patient records, schedule, documents, etc. are the lifeblood of your practice. The question is, what are you doing to protect that data? In my mind, there are three areas to concentrate on:
1. A firewall. This sounds easy, right? Just install a HIPAA-certified firewall and be done with it...except, no such animal exists. As a matter of fact, if you search through the HIPAA rules and regulations, you’ll be hard pressed to find the word “firewall” at all. What is a firewall? It’s typically a device which can protect against unauthorized connections by intercepting incoming and outgoing connection attempts and blocking or permitting them based on a set of rules. Almost all modern routers have firewalls built into them, and all versions of Windows have software firewalls incorporated as well, although it does require that you actually set it up and turn it on.
HIPAA doesn’t really establish a set of guidelines as to the features necessary, thus there’s no such thing as software or hardware this is HIPAA certified. For most offices, the router with the built-in firewall is adequate, systems like Sonicwall or Zyxel are also an option.
2. Antimalware protection. Unlike the firewall requirement, the need for antimalware protection is more cut and dried. According to Standard 164.308(a)(5)(ii)(B), covered entities must implement procedures for guarding against, detecting, and reporting malicious software. As with many other HIPAA rules, though, no specific guidance is given. In my experience, while there are a few free antimalware programs out that that permit use in a commercial environment, dental offices are best served by investing in paid antimalware software. I happen to be a big fan of the ESET products, but something from Trend Micro, Kaspersky, or other major vendors is likely more than adequate. If you are unfamiliar with the concept of “exclusions”, then have your IT company install the software. You’ll want to set up the software to exclude certain files that are immune to virus attack, as constant scanning of those files will result in network slowdowns and problems.
3. While antimalware software is critical, the fact is that many of them do not do the best job against some of the newer class of viruses called ransomware. These viruses get onto your system, usually via an infected email or website, and proceed to lock your files and demand a ransom be paid in order to unlock them; this ransom typically ranges from around $500 to $2000! While a good encrypted backup is your best, last line of defense, never getting the virus in the first place is better. One program to consider is called Cryptoprevent, it is often on sale for less than $20 per computer for life-time upgrades, it’s a great program that I highly recommend.
By taking at least minimal measures to protect and secure your data, you are ensuring not only HIPAA compliance but also the peace of mind of knowing that your most valuable asset is safe and sound.