North Texas Dentistry Volume 5 Issue 5 | Page 27

Security Rule. For North Texas dentists, however, the most worrying deficit remains the lack of a proactive Risk Assessment. The majority of dentists I’ve met have either failed to conduct a Risk Assessment or have failed to identify security vulnerabilities. As you may know, HIPAA demands that a Risk Assessment be conducted. However, these Assessments are not one-time events. As your IT provider will tell you, no IT environment remains static for 12 months. New security vulnerabilities develop quickly. I make this point to area dentists every day; failure to monitor risk on an ongoing basis is a violation of the HIPAA Security Rule. For that reason, I recommend Risk Assessments take place on an annual basis.

Working with dentists on a daily basis, I can see that the level of local HIPAA compliance has improved slightly. However, compliance still lags behind technology. While many technologies exist to safeguard PHI, most dentists still fail to put these technologies to use. For example, data encryption is seldom used to secure data, even on high-risk devices such as laptop computers. I often must dissuade dentists and office managers from traveling with unencrypted laptops. The difference is significant; if the laptop is encrypted and stolen, there’s no reportable data breach. If the hard drive is unencrypted, however, loss or theft constitutes a breach and must be reported. Sadly, this problem is often compounded because many IT consultants tell dentists that there’s no need to encrypt laptops. Nothing could be further from the truth.

though, are caused from the inside out. Through intentional actions such as record snooping, or by accident, including lost laptops and portable devices, employees are often responsible for smaller data breaches. Workforce privacy training clearly offers the best HIPAA and HB300 “bang for the buck”. However, about 40 percent of North Texas dentists have woefully inadequate in-house compliance training programs. I know – I’ve seen them. Another 35 percent ignore HIPAA completely. When the OCR audits begin, we may hope they choose the 25 percent of North Texas dentists who have their HIPAA compliance act together.

Laura Lopez Stinson has worked in the dental field for over 30 years, as a dental assistant, a Registered Dental Hygienist in both private practice and public health, a dental hygiene educator, and in dental sales. She