How to protect your practice, your patients’ information and your reputation
The dental profession is rapidly changing with the influx of new digital technologies and the conversion to, and reliance on, electronic data to run your practice. With obstructive sleep apnea and oral appliance therapy, we are now involved with medical billing, which increases the transfer of patients’ private information outside the practice. With these changes to our office infrastructure, we become more vulnerable to cybersecurity threats. The growing volume and sophistication of cyberattacks targeting the health care industry are of great concern. As practice owners, we are at a point where we need to increase our data security efforts to ward off these threats. A cybersecurity breach can be very costly, both financially and reputationally, and can wreak havoc on a medical or dental practice.
Many doctors believe that cyber criminals are not a threat to their small offices. However, when choosing between a large corporation or bank with large security teams and significant investments in information security devices and a medical or dental office with no firewall or security team, the doctor’s practice is the easy target. In addition, many hackers specifically target small dental and medical offices because we have the crown jewels: protected patient information, which is worth 10-fold that of credit cards on the black market.
As medical and dental practices become more frequent targets for cyber criminals, practice owners are put at great risk. These offices hold a vast amount of data, including names, health histories, addresses, birthdates, social security numbers, and even banking information of hundreds or thousands of patients. The threat of this information being stolen by a staff member or a cybercriminal is great, and practice owners must address this concern before a theft creates a legal nightmare for the practice.
This year’s California Data Breach Report, recently published by the state’s Attorney General, showed that data breaches affected over 49 million records of Californians. The number of data breaches continues to increase at an alarming pace, and the federal Department of Health and Human Services’ Office for Civil Rights (OCR) is increasing audits and fines for non-compliance. The bottom line is that we need to take action.
If a data breach were to occur, a letter would need to be sent notifying all patients affected by the data breach, credit monitoring would need to be provided, a press release would need to be issued to prominent media outlets informing the public of the data breach, and the incident would need to be posted on the practice website. In addition, event notification must be sent to the US Dept. of Health and Human Services (at which point a notice would be posted by HHS on the “Wall of Shame”) and to state agencies. An audit by the agencies would likely ensue, with the potential of fines being levied by state and federal agencies and the state attorney general. Civil lawsuits by patients are also a possibility.
We as healthcare professionals can no longer put our heads in the sand and ignore what is required by law. HIPAA compliance and, moreover, good data security practices need to be proactively addressed in the dental profession. The good news is that there are solutions available, such as Data Guardian Pros (DGP), which was specifically designed by doctors in healthcare and some of the top security professionals to help address these challenges. Join us today to help protect the information of your patients and the reputation of your practice.
Data Guardian Pros provides a turnkey solution for the dental practice with four facets of defense. The DGP platform provides an online HIPAA compliance portal designed to provide up-to-date doctor/employee training and ongoing security and awareness web training. Risk assessments are done yearly for HIPAA privacy and security requirements, with compliance guidance for the office, gap analysis and remediation steps to bring the office into compliance. DGP provides 24/7 network security monitoring with real-time alerting, monthly reports and support for incidents. With HIPAA compliance achieved, the practice will receive a Certification of Compliance that can be displayed, illustrating the practice’s desire to protect its practice, its patients’ private information and its reputation.