A vital part of operating a successful dental practice is ensuring that all patient health records are protected and stored safely. With today's technology, patient information can now be filed electronically, allowing for easy and efficient access to dental records. While it is a cinch to access and update patient information this way, it can also be easy to breach patient privacy if proper security systems and procedures are not in place.
Having electronic patient records makes it easy for dental office team members to update information quickly and efficiently. Health records stored electronically are classified as Electronic Protected Health Information (ePHI), which is defined as any information that is produced, saved, transferred, or received concerning health status, provision of care, or payment for health care that can be linked to a specific individual. Records categorized as ePHI are covered by HIPAA, the Health Insurance Portability and Accountability Act. All ePHI is housed in a secure system, making it easy to locate and access information at any time. This eliminates the need to keep hundreds of paper files, which are difficult to maintain and not very secure.
While electronic health records are much more efficient and secure, they do have the potential to be insecurely shared and stored if the proper precautions are not taken. Saving and storing files outside of a secure system or device is a violation of HIPAA. Simply leaving a patient's file open and visible to public eyes on a computer screen can also be detrimental to their privacy. Furthermore, with the increasingly frequent use of online communication, it can be easy and tempting to simply reply to a patient's e-mail or instant message regarding his or her dental information. However, common forms of online communication such as personal e-mail and social media are not secure places to share private patient information.
Dental support organizations (DSOs) have taken huge strides to ensure that supported offices have the systems necessary for keeping patient information secure. Heartland Dental, for example, has implemented a number of high-level security systems to make sure that ePHI is protected. A specialized enterprise systems and security team utilizes dozens of products and security measures that provide high levels of preventive and protective utilities. These include intrusion detection, data encryption and masking of sensitive data, computer forensics capabilities, application whitelisting, firewalls, antivirus software, and more. The team also regularly employs external HIPAA consultants who run HIPAA risk assessments and security remediation plans.
In addition, many members of Heartland Dental's IT team have completed countless hours of advanced training through the SANS Institute, one of the world's leading sources for security information training and certification. The department also hosts regular HIPAA and ePHI training and awareness programs for supported dental office teams. This ensures that anyone who works with ePHI is knowledgeable on keeping that information secure and understands why ePHI protection is so critical.
DSOs such as Heartland Dental have the knowledge and the means to make certain all the necessary steps are taken to protect patient information. By taking advantage of the many different products and security systems available, supported dental offices are equipped with high levels of data protection.
Invest in your security systems and train your people to be proficient in ePHI security, as this is also an investment in your practice and more importantly, your patients.
Rick Workman, DMD, is the founder of Heartland Dental. After practicing full-time, Dr. Workman created Heartland Dental, a world-class dental support organization, offering nonclinical, administrative services to supported dentists. Heartland Dental has more than 740 supported dental offices in 33 states. Dr. Workman may be reached at [email protected].