Dental Consultant Tip: HIPAA Breach Notification
As we have seen in the previous articles, there are numerous HIPAA rules and regulations that must be followed. Non compliance can often lead to fines and penalties that can be quite substantial.
However, in my mind, there is nothing more devastating to a practice than needing to declare a breach.
Data breaches have become common. There are reports in the news almost weekly about breaches in large corporations such as Target and Neiman Marcus. While these breaches can be upsetting to consumers, they don’t fall into the HIPAA rules as they don’t involve protected health information. A breach at a dental practice, unfortunately, would definitely be a HIPAA violation and requires a set of steps that must be taken.
Breaches can take many different forms. One of the most famous was a dentist in California whose server was stolen. This is an obvious breach of data. Other breaches would include someone hacking into your network, a former employee copying patient records before leaving the practice, emailing patient records to the wrong patient, etc.
So, what are the steps that must be taken? There are currently three things you must do by law:
1. You must notify all patients in writing, and not only inform them of the breach, but inform them which data was breached. This often includes social security numbers and credit card info. This, to me, is the most devastating part of the law. Our clients, who have reported a breach, have claimed a loss of 25-40% of their patients on average. It’s also considered proper protocol to offer credit checks for all affected patients to ensure there's been no identity theft.
2. You must notify the local media, such as local newspapers and TV stations.
3. You must have your practice listed on the Health and Human Services website. This site is affectionately called the Wall of Shame. There are currently around 1300 practices listed.
The thing I find most frustrating about the Breach Notification is that most dentists are unaware that they have a “get out of jail free card” when it comes to this rule. That card is encryption. If you have encrypted the data at rest, and encrypt your data in motion, then you are exempt from the rule. The most common breach is loss or theft of a mobile device, such as a laptop or backup external hard drive. Encrypting these devices is relatively easy. There are free programs like Bitlocker and Veracrypt that can encrypt data. You’ll want to work with an IT professional to set it up properly but you just need to pay for the labor. Compared to the fines you face (up to $50k for the lowest level and $1.5 million for the highest level), encrypting your data makes sense for every dental practice.
While the Breach Notification rule can be devastating for a dental practice, properly planning to protect your critical data can ensure that you never have to go through this process. This is one of those situations where an ounce of prevention is definitely worth more than a pound of the cure!
Dental Practice Consulting Analysis
Affordable. Contract Free. No Travel.
Google Reviews 5.0 ⭐️⭐️⭐️⭐️⭐️
Our 25th Year | Grow Your Practice
There is the good, the bad and the ugly of dental practice management, but many dentists will still tell you the probability is your dental consulting will work if you and your consultant are on the same page. It stands to reason that if a dental consultant had little value, worth or benefit that consultant could not stand up to harsh economic realities for long. A veteran dental consultant is also a "personal coach" who shold bring management wisdom based on "in the trenches" experience along with systems and protocols to that have been successfully implemented in other practices. Top dental consultants talk and network with each other. They pay attention to what systems work and don't across many dental practices.
New Patient Phone Call
New Patient Experience and Patient Education
Daily and Weekly Checklists
General Policy Manual
What gets monitored, gets managed. It is as simple as that. The only way to monitor what gets done is with daily stats especially for your weak areas. For example, one employee should be specifically responsible for calls to patients who are unscheduled, overdue for re-care or need reactivation. Other staff can and should help in coordination with the accountable employee.
What most practice owners are lack in knowledge is not how to book an appointment, but rather how to be an effective leader. The best systems in the world are useless if the staff do not comply. Good leaders know how to get staff to willingly follow through and comply.
Questions To Ask
Do you and/or your staff have to travel or does the consultant come to you?
Is the program mostly one on one consulting versus seminars or courses with multiple clients in attendance?There are advantages to both.
If the dental consulting is one on one who will actually deliver the consulting? I recommend knowing who your specific dental consultant will be prior to signing on the dotted line.
Is program based on a specific dental practice management system? You want to avoid cookie-cutter programs. Ensure the program will be tailor-made to fit your practice's specific needs.
The cost (including travel expenses and downtime) is certainly not the only factor, everything else being equal, it is still a major factor to consider. It's unwise to pay too much, but it's worse to pay too little.
Top Dental Practice Mangement Consultant
My name is Kevin Tighe. Consultant. Coach. Mentor.
My mission is to advise, recommend and help implement proven systems to grow your practice .
Before joining the Cambridge team I was in charge of setting up workshops for large nonprofits throughout the United States and Canada. During that time, I was fortunate to receive mentoring from several world-class business consultants, including a dental practice management guru, which led to a position at Cambridge as their seminar organizer. In time, I began crisscrossing the country delivering seminars myself for the better part of a decade. Subsequently, I moved up to senior consultant and eventually partner and now sole owner.
Free Practice Analysis
Step One: Fill out and submit the form below.
Step Two: I will call or text you to schedule a 30 minute call.