We get it, HIPAA isn’t the most exciting topic out there. However, it is a topic that needs to be a priority to every dental practice. A lack of attention to HIPAA details could cost you. HIPAA (Health Insurance Portability and Accountability Act) was established in 1996 as a way to promote and standardize information stored and exchanged, as well as create a guideline for transaction, security, and privacy standards. A common buzzword associated with HIPAA is PHI (Protected Health Information) which is individually identifiable health information that is held or transmitted by a covered entity or its business associate. There are 3 primary categories in HIPAA that we should first take a look at.
The HIPAA Privacy Rule establishes standards to protect individuals’ medical records and other personal health information. The HIPAA Security Rule deals with electronic Protected Health Information (ePHI). The HIPAA Breach Notification Rule requires covered entities to notify affected individuals, HHS, and in some cases, the media of a breach of unsecured PHI.
Now that we have reviewed the nuts and bolts of HIPAA, what do you think the most common HIPAA violation is? Negligence. Negligence can in the form of either intentional or unintentional. More often than not in a dental office, unintentional negligence is the most common. Human error is the number one offender for unintentional negligence. It can be as simple as an employee who forgets to log out of the computer when leaving, or other violations such as improper data disposal or a lost backup device. A first step in minimizing the unintentional acts is with proper staff training. HIPAA education and processes should be ongoing in your practice. Every team member should participate in HIPAA training and should understand the do’s and don’ts that surround patient data.
So, what are you doing to keep your office HIPAA compliant? For starters, do you feel that you are keeping up with your computer security? The modern practice relies on technology for successful and seamless daily operation, and not having a safe and secure technology system could lead to costly downtime and even violation fines. One way to make sure your practice is doing all that it can to back up data is with XLBackup. This offsite backup storage uses HIPAA compliant encryption technology system that stores your data in multiple data centers. For added security and peace of mind, this solution is consistent with NIST publication 800-11 and follows Federal Information Processing Standards (FIPS) 140-2. Using XLBackup is an easy way to make sure your information is automatically backed up to a secure location, and the more automation surrounding your data, the better.
Another area to consider when making sure you are staying HIPAA compliant is an encrypted email service. XLDent offers SecureMail which is a HIPAA compliant email service that will secure sensitive patient email and file attachments from accidental exposure and data theft. SecureMail ensures compliance, guards your reputation, builds customer trust, and reduces business process costs.
There are many tips you can find surrounding HIPAA compliance and best practices. Here are a few you can start implementing today.
- Make sure your team is trained in HIPAA compliance.
- Regulate who has access to sensitive information.
- Keep an inventory of your office computers and devices.
- Wipe down tablet and touchscreen devices to ensure clear entries and to prevent easy guessing for entry to systems.
- Do not share passwords.
- Keep anti-virus scanning software up to date.
For more information about offsite backup, email security and other services to keep your data safe visit www.xldent.com.