What dental office managers need to know about keeping patient data secure
PHI = Protected Health Information
From mid-2015 to mid-2018, 135,060,443 healthcare records have been exposed or stolen, according to the Department of Health and Human Services’ Office for Civil Rights. And, the average cost per patient health information record (PHI) that was breached in 2017, was $380 — more than twice the $141 cost per breach in other industries, according to a 2017 Cost of a Data Breach Study: Global Overview.
Whether you are the dental office manager of an individual practice, or the manager of a multi-location practice with several dentists, you know the vital importance of keeping patient health information, or PHI, secure to avoid HIPAA law violations.
HOW PHI DATA BREACHES OCCUR
Unfortunately, there are a variety of ways in which patient health information can be compromised — both internally and externally.
Verizon’s 2018 Protected Health Information Data Breach Report
- 57.5% of instances that put PHI at risk — or compromise it completely — come from those who work in your office
- 42% are due to people outside your practice
- 5.9% come from those you partner with
- 5.1% come from people in collusion with one another
MORE PHI DATA BREACH STATISTICS
External Parties at Fault
Internal Parties at Fault
On-premise and Third-party Concerns
Break-ins happen. So do lost laptops. A staff member could get a phishing email — pretending to be from their significant other — a click on a link gives the real author access to data it shouldn’t have. Or they could have their email account hacked and not know it. You could also experience a flood that destroys your server — and the PHI data on it.
HOW DO YOU PREVENT PHI DATA BREACHES IN THESE INSTANCES?
Institute a Training Program That Educates Staff On:
Front-desk confidentiality procedures
Understanding and following basic security measures, including use of encrypted mobile devices
Proper protocols to:
Secure PHI data
Deliver PHI data
Store PHI data in an encrypted environment
Dispose of PHI data
Backup sensitive information offsite
Malicious emails (phishing)
Unusual activity in an email account or on a workstation
Safeguards That Include:
An HIPAA-compliant messaging platform
Best practices in patch management
Creating a comprehensive response plan to react to and recover from potential attacks
Monitoring access to PHI data
Securing access to the servers and building
Storing usable, secure backups located in a reliable off-site facility
Institute Administrative Safeguards That Include:
Performing a risk-based assessment on all vendors
Ensuring contracts with vendors who have risk-sharing provisions
Making sure vendors regularly conduct security assessments
Ensuring they have a disaster recovery plan in place
Identifying vendors’ vendors and ensuring they have security in place
And, all that’s just for some on-site and vendor threats.
What If You’re in the Public Cloud?
Sadly, you’re still not exempt from security breaches.
- Data often travels over the open internet, making it vulnerable
- You might share a server with other tenants, who could — intentionally or not — gain access to your information
- Jurisdictional issues and regulations can come into play
So, As a Dental Office Manager, What Are You to Do?
The easiest and safest way to protect PHI and prevent data breaches is to off-load all the technical issues to a private cloud provider, preferably one who has a deep understanding of PHI data security as well as the complexities of a dental practice.
MBS Secure is certified in many security requirements, and The Complete Cloud™ uses military-grade encryption and security protocols to keep all your PHI data and practice management software safe.
We’re a team of dental experts, IT pros, security gurus, and HIPAA law experts who work with you to alleviate much of your PHI concerns. Give us a call at 877-627-0787 and we’ll explain it all — with no hard sell at all.
Revel in the Benefits of The Complete Cloud™
So, go ahead. Save the practice some big money. Increase productivity. Access the data you need when you need it no matter where you are.
Give us a call at 877-627-0787. Gripe away. We’ll listen. And we’ll help you find a solution to avoid HIPAA law violations.