Security Rule. For North Texas dentists, however, the most worrying deficit remains the lack of a proactive Risk Assessment.
The majority of dentists I’ve met have either failed to conduct a
Risk Assessment or have failed to identify security vulnerabilities.
As you may know, HIPAA demands that a Risk Assessment be
conducted. However, these Assessments are not one-time
events. As your IT provider will tell you, no IT environment
remains static for 12 months. New security vulnerabilities
develop quickly. I make this point to area dentists every day;
failure to monitor risk on an ongoing basis is a violation of the
HIPAA Security Rule. For that reason, I recommend Risk
Assessments take place on an annual basis.

Working with dentists on a daily basis, I can see that the level
of local HIPAA compliance has improved slightly. However,
compliance still lags behind technology. While many technologies exist to safeguard PHI, most dentists still fail to put these
technologies to use. For example, data encryption is seldom
used to secure data, even on high-risk devices such as laptop
computers. I often must dissuade dentists and office managers
from traveling with unencrypted laptops. The difference is significant; if the laptop is encrypted and stolen, there’s no
reportable data breach. If the hard drive is unencrypted, however, loss or theft constitutes a breach and must be reported.
Sadly, this problem is often compounded because many IT consultants tell dentists that there’s no need to encrypt laptops.
Nothing could be further from the truth.

though, are caused from the inside out. Through intentional
actions such as record snooping, or by accident, including lost
laptops and portable devices, employees are often responsible
for smaller data breaches. Workforce privacy training clearly
offers the best HIPAA and HB300 “bang for the buck”.
However, about 40 percent of North Texas dentists have woefully inadequate in-house compliance training programs.
I know – I’ve seen them. Another 35 percent ignore HIPAA
completely.

When the OCR audits begin, we may hope they choose the 25
percent of North Texas dentists who have their HIPAA compliance act together.

Laura Lopez Stinson has worked in the dental
field for over 30 years, as a dental assistant,
a Registered Dental Hygienist in both private
practice and public health, a dental hygiene
educator, and in dental sales. She