Contributing Writer


Dental Consultant Tip: HIPAA Breach Notification


As we have seen in the previous articles, there are numerous HIPAA rules and regulations that must be followed. Noncompliance can often lead to fines and penalties that can be quite substantial.

However, in my mind, there is nothing more devastating to a practice than needing to declare a breach.

Data breaches have become common. There are reports in the news almost weekly about breaches in large corporations such as Target and Neiman Marcus. While these breaches can be upsetting to consumers, they don’t fall under the HIPAA rules as they don’t involve protected health information. A breach at a dental practice, unfortunately, would definitely be a HIPAA violation and would require a set of steps to be taken.

Breaches can take many different forms. One of the most famous was a dentist in California whose server was stolen. This is an obvious breach of data. Other breaches would include someone hacking into your network, a former employee copying patient records before leaving the practice, emailing patient records to the wrong patient, etc.

So, what are the steps that must be taken? There are currently three things you must do by law:

1. You must notify all patients in writing, and not only inform them of the breach, but inform them which data was breached. This often includes social security numbers and credit card info. This, to me, is the most devastating part of the law. Our clients who have reported a breach have claimed a loss of 25-40% of their patients on average. It’s also considered proper protocol to offer credit checks for all affected patients to ensure there's been no identity theft.

2. You must notify the local media, such as local newspapers and TV stations.

3. You must have your practice listed on the Health and Human Services website. This site is affectionately called the Wall of Shame. There are currently around 1300 practices listed. 

The thing I find most frustrating about the Breach Notification is that most dentists are unaware that they have a “get out of jail free card” when it comes to this rule. That card is encryption. If you have encrypted the data at rest, and encrypt your data in motion, then you are exempt from the rule. The most common breach is loss or theft of a mobile device, such as a laptop or backup external hard drive. Encrypting these devices is relatively easy. There are free programs like BitLocker and VeraCrypt that can encrypt data. You’ll want to work with an IT professional to set it up properly, but you just need to pay for the labor. Compared to the fines you face (up to $50k for the lowest level and $1.5 million for the highest level), encrypting your data makes sense for every dental practice.

While the Breach Notification rule can be devastating for a dental practice, properly planning to protect your critical data can ensure that you never have to go through this process. This is one of those situations where an ounce of prevention is definitely worth more than a pound of the cure!
