Just like patients’ oral cavities, your network and IT systems are not static; ongoing maintenance and upgrades are typically needed to keep things in check. Here are my recommendations.
HIPAA risk assessment
You should be doing a HIPAA risk assessment annually. Even if it wasn’t the law (it is!), how can you know where you stand if you don’t take the time to look?
The challenge for many practices is that there’s really no guidance on how to do this properly. Some companies will tell you that if you take their 10-minute online quiz, you’ll have met the requirement. But most of us who do this for a living would strongly disagree. Many HIPAA requirements concern specific IT controls such as encryption, user accounts, limits on access, network shares, and so on. It’s almost impossible to do a proper risk assessment without the assistance of a health-care-specific IT partner.
If done properly, the assessment should generate a HIPAA Management Plan, a step-by-step document on what you need to do to correct the problems. And, just like patient treatment plans, it doesn’t end there; you have to actually take the recommended actions!
Backup, disaster recovery
If you haven’t already done so, this is a good time to test and verify your backup and disaster recovery system. There are plenty of ways to do this, but the easiest is to turn off your server, simulating a crash, and then get the office back up and running.
For many practices, having a backup isn’t the issue; it’s how quickly you can recover from a disaster. Ideally this should be measured in minutes, not hours or days. You should have something in writing that walks through the steps needed to restore the backup and reconfigure the network so that downtime is minimized. Ensure that you have both a local and an off-site (cloud, for example) backup.
Viruses and malware
Are you doing enough to protect your practice from viruses and malware, specifically ransomware? Unfortunately, the days of just slapping some free antivirus software on your network are long gone; you need to take a proactive approach to dealing with these viruses. It all starts with a good, business-class hardware firewall. Many of the better firewalls come with an antimalware software subscription built in. You should have antiransomware software running at all times. And it’s critical that you keep your software, such as Windows and Office, up-to-date, because unpatched software is one of the main ways that malware can enter your network.
Many new viruses are “zero day” malware, which basically means they are so new that the firewall and antivirus software won’t yet recognize them as malicious. So, it’s essential that you have another line of defense. Application whitelisting turns the model around: only software you have explicitly approved is allowed to run, and anything else is blocked by default, whether or not it has ever been seen before.
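To show what whitelisting looks like on a Windows workstation, here is an added example (not part of the original article) using the built-in AppLocker cmdlets: it builds an allow-list from the software already installed in the standard program folders, then checks what would be blocked before anything is enforced. It assumes an elevated PowerShell session on a Windows edition that supports AppLocker (Enterprise, Education or Server); the policy path and the Downloads folder used for the dry run are assumptions.

```powershell
# Added example, not from the article. Builds an AppLocker allow-list from
# installed software and dry-runs it against files a user has downloaded.
# Assumed: elevated session, AppLocker-capable Windows edition, C:\AppLocker exists.

# AppLocker rules are only enforced while the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Inventory the executables in the trusted install locations. EXE rules are
# the usual starting point; DLL rules add coverage but need far more testing.
$approved = 'C:\Program Files', 'C:\Program Files (x86)' |
    ForEach-Object { Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe }

# Prefer publisher rules (they survive vendor updates); fall back to hash
# rules for unsigned files. -Optimize merges overlapping rules.
$approved |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath 'C:\AppLocker\policy.xml' -Encoding utf8

# Dry run: anything in Downloads that no rule covers is reported as
# DeniedByDefault, which is exactly how an unknown "zero day" file would be handled.
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
    Test-AppLockerPolicy -XmlPolicy 'C:\AppLocker\policy.xml' -User Everyone -Filter Denied, DeniedByDefault |
    Format-Table FilePath, PolicyDecision, MatchingRule

# Apply the policy. Set EnforcementMode="AuditOnly" on each RuleCollection in
# policy.xml first, review the AppLocker event log for a few weeks, and only
# then switch to "Enabled" so legitimate practice software is not blocked.
Set-AppLockerPolicy -XmlPolicy 'C:\AppLocker\policy.xml'
```

In a domain, the same policy is normally deployed through Group Policy rather than per machine, but the build-test-audit-enforce sequence is the same.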
Staff training
I highly recommend you invest in annual staff training (this includes the dentist). The IT and malware landscape is changing daily, so everyone must be able to recognize the threats that a dental practice is subject to every day. Your technology systems don’t operate in a vacuum; they’re changing constantly, so you must take stock and reevaluate the effectiveness of your IT backbone regularly.
Editor's note: This article appeared in the March 2026 print edition of Dental Economics magazine. Dentists in North America are eligible for a complimentary print subscription.