There’s no doubt that HIPAA privacy and security statutes, technology audit requirements, and an increase in users requiring access to multiple systems is driving the need for all healthcare organizations, including dental practices, to focus on managing security risks. Managing those risks is often unchartered territory for dental practice owners who specialize in providing patient care, not information security, but these days, more than ever, practice owners have to become adept at managing risk.
The good news is, you don’t have to go it alone. There are many resources available online to help get you on the right track and we at NEA have a few tips as well that should help you get started as well.
1. Conduct a very candid risk assessment. Be open about where gaps may currently exist and work towards a plan that closes those gaps. You may want to engage an outside consultant for this very important part of the process. Check with the Academy of Dental Management Consultants to learn more: www.admc.net
2. Develop a program around compliance that outlines your policies and procedures for managing protected health information (PHI). A good way to think about it is to treat every piece of patient information as if it’s your own. What lengths would you go to in order to ensure that your PHI stayed out of the wrong hands?
3. Train your team to properly manage and handle PHI and conduct internal audits to ensure that policies are being followed. A lack of training is no excuse for a security breach so be sure that everyone on your team fully understands your practice’s policies for handling PHI.
As the practice owner it is your responsibility to ensure the security of the data entrusted to you. Take security personally and you’ll know what to do even if you’re not a data security expert.