What dental office managers need to know about keeping patient data secure

PHI = Protected Health Information

From mid-2015 to mid-2018, 135,060,443 healthcare records were exposed or stolen, according to the Department of Health and Human Services’ Office for Civil Rights. And the average cost per patient health information (PHI) record breached in 2017 was $380 — more than twice the $141 cost per breach in other industries, according to a 2017 Cost of a Data Breach Study: Global Overview.

Whether you are the dental office manager of an individual practice, or the manager of a multi-location practice with several dentists, you know the vital importance of keeping patient health information, or PHI, secure to avoid HIPAA law violations.


Unfortunately, there are a variety of ways in which patient health information can be compromised — both internally and externally.

According to Verizon’s 2018 Protected Health Information Data Breach Report:

  • 57.5% of instances that put PHI at risk — or compromise it completely — come from those who work in your office
  • 42% are due to people outside your practice
  • 5.9% come from those you partner with
  • 5.1% come from people in collusion with one another


On-premise and Third-party Concerns

Break-ins happen. So do lost laptops. A staff member could get a phishing email that pretends to be from their significant other, and a click on a link gives the real author access to data they shouldn’t have. Or they could have their email account hacked and not know it. You could also experience a flood that destroys your server — and the PHI data on it.


Institute a Training Program That Educates Staff On:

  • Front-desk confidentiality procedures
  • Understanding and following basic security measures, including use of encrypted mobile devices
  • Proper protocols to:
      • Secure PHI data
      • Deliver PHI data
      • Store PHI data in an encrypted environment
      • Dispose of PHI data
      • Back up sensitive information offsite
  • Malicious emails (phishing)
  • Unusual activity in an email account or on a workstation

Institute Tech Safeguards That Include:

  • A HIPAA-compliant messaging platform
  • Intrusion protection
  • Best practices in patch management
  • Vulnerability scanning
  • Creating a comprehensive response plan to react to and recover from potential attacks
  • Monitoring access to PHI data
  • Securing access to the servers and building
  • Storing usable, secure backups located in a reliable off-site facility

Institute Administrative Safeguards That Include:

  • Performing a risk-based assessment on all vendors
  • Ensuring contracts with vendors have risk-sharing provisions
  • Making sure vendors regularly conduct security assessments
  • Ensuring vendors have a disaster recovery plan in place
  • Identifying vendors’ vendors and ensuring they have security in place

And all that’s just for some on-site and vendor threats.

What If You’re in the Public Cloud?

Sadly, you’re still not exempt from security breaches.

  • Data often travels over the open internet, making it vulnerable
  • You might share a server with other tenants, who could — intentionally or not — gain access to your information
  • Jurisdictional issues and regulations can come into play

So, As a Dental Office Manager, What Are You to Do?

The easiest and safest way to protect PHI and prevent data breaches is to off-load all the technical issues to a private cloud provider, preferably one who has a deep understanding of PHI data security as well as the complexities of a dental practice.

MBS Secure is certified in many security requirements, and The Complete Cloud™ uses military-grade encryption and security protocols to keep all your PHI data and practice management software safe.

We’re a team of dental experts, IT pros, security gurus, and HIPAA law experts who work with you to alleviate many of your PHI concerns. Give us a call at 877-627-0787 and we’ll explain it all — with no hard sell at all.

Revel in the Benefits of The Complete Cloud™

So, go ahead. Save the practice some big money. Increase productivity. Access the data you need when you need it no matter where you are.

Give us a call at 877-627-0787. Gripe away. We’ll listen. And we’ll help you find a solution to avoid HIPAA law violations.