Contributing Writer

Contributing Writer AGD Dental ConsultingContributing Writer AGD Dentistry IQ Dental ConsultingContributing Writer DT Dental Consulting Contributing Writer Dr BiCuspid Dental Consulting

"Risky" Business

"Risky" Business

As discussed in previous articles, HIPAA has changed the way that dental practices need to operate. Not only do dentists need to be current on the latest technology and IT systems, but they must also ensure that they incorporate technologies in a HIPAA compliant manner.

While we’ve looked at things from a technical standpoint, most offices that have gone through the process of HIPAA compliance realize there are many administrative parts of HIPAA as well. In fact, more than 50% of all HIPAA rules and regulations are administrative in nature. 

While we will examine many of these in the coming months, there is one critical component that should be talked about first, as most HIPAA auditors will ask for this the minute they walk through the door, and that is a copy of your most recent risk analysis.

What is a risk analysis and why is it important? Well, HIPAA section 164.308(a)(1)(ii)(A) is quite clear, and it states, “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health 

information held by the covered entity or business associate.” This is a required section, so you must do this. Another section, 164.316(b)(2)(iii), says you must update it periodically.

So that's easy, right? Wrong! Because the people that put together HIPAA were purposely vague about the details. They understood that a risk analysis in a dental office is much different than one in a multi-location hospital, so they left it up to the covered entity (you) to figure out the details.

I would recommend that the following constitute a risk analysis:

Determine where the vulnerabilities exist.

Determine what threats your network faces.

Determine where you are at risk.

Collect data.

Identify and document threats and vulnerabilities.

Assess your current security measures.

Determine the likelihood of threat occurrence.

Determine the level of risk.

Finalize the documentation.

There are many ways to do a risk analysis. We offer a free one on our website at www.thedigitaldentist.com/risk-assessment and there are HIPAA professionals who can assist you to do similar assessments either remotely or onsite.

As far as the frequency, that is also up for debate. I recommend doing a risk analysis yearly, but if there haven’t been any significant changes to your practice, you can argue that every 2-3 years is also appropriate.

When is a Breach Not a Breach?
Are You Stretching?

Time for change

Free Practice Analysis

You can 2X or 3X your profits by "working smarter, not harder". Hundreds of our clients have done so since 1996.

Find out how with our Free Practice Analysis. Simply submit the form below and one of our veteran consultants will follow up to schedule. 

You will not be pressured or "hard sold" to buy anything. 

That is a promise.

 

 

Important: We respect your privacy and do not tolerate spam and will never sell, rent, lease or give away your information to any third party. 

Dental Office Manuals: Your Staff Training Solution

Affordable • No Contracts • Customizable Word Files

Unlimited Copies • Staff Checklists • Written Tests
 
Act now! 20% discount on complete package.

Look Inside All Eight Manuals