To keep your dental practice secure from a data breach, you have to be proactive. Train your staff regarding password changes, and limit access to the internet.
Keeping the information of your patients secured is essential when you run a dental practice. The amount of information you have can be used to steal the identity of your patients if your data is breached, leaving your patients vulnerable to attack. If you have data breach in your practice, you have some obligations that you must fulfill. If you have more than 500 patients in your practice who had data stolen, your responsibilities grow even larger.
When You Have More than 500 Patients and a Data Breach
You have to have a solid understanding of the Health Insurance Portability and Accountability Act (HIPPA) breach notification rule no matter how your client data is stolen. Whether a hacker was able to get into your system remotely, you were the victim of a ransomware attack, or an individual took a laptop and has access to all of your patients, all of these are a data breach. You must follow the data breach notification rule, or you can be subject to fines and penalties for not notifying your patients appropriately.
The steps you need to take when there has been a data breach includes:
- Thoroughly investigating what happened, and identifying any protected information that may have been stolen.
- Categorize patients by state, age and whether they are living or deceased. Each category has different requirements for notification.
- You must notify each patient appropriately regarding the data breach.
- You are responsible for setting up a call center for patients to ask if they have any questions regarding the breach.
- You must offer to provide an identity monitoring service to your patients.
- HIPPA requires you to provide a press release for the local media.
- You need to file a report to Health and Human Services about the breach within 60 days.
It is tedious to deal with a security breach, and you’ll need to continue to run your practice at the same time. You can be better prepared against a security breach if you take the time to work with IT and learn how to better secure sensitive patient information. To keep your dental practice records better protected against a security breach, you should:
- Limit access to the internet on computers that store critical patient data.
- Create strong passwords, and change out system passwords every 90 days.
- Never store the credit card data of any of your patients in the system.
- Practice that a data breach has occurred. Take the steps necessary to identify who would be responsible for each part of dealing with the breach.
- Understand that dealing with a violation can be very costly, even for a successful practice. Consider getting the coverage you need to protect your assets in the event of a security breach.
The health industry is very susceptible to data breaches because of the sensitive nature of the information collected. Roughly one-third of patients who receive medical care will be involved in a data violation of some kind. This is why it’s important to leave as much sensitive information as possible out of a medical record and to limit the amount of time computers within your office are connected to the internet. Your system should be screened periodically to check for any suspicious behavior, and passwords changed at least every 90 days to keep your data secure.