Do you operate a dental practice in the United States? If so, you are required by law to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Consisting of the Privacy Rule, Security Rule, and Breach Notification Rule, HIPAA lays out several requirements that covered entities must follow with regard to patient privacy. So, today we're going to reveal some essential steps that dentists can take to better prepare their practice for a HIPAA audit.
Conduct an Internal Risk Analysis
Don't underestimate the importance of conducting regular risk analyses. As the name suggests, the purpose of a risk analysis is to identify weaknesses and vulnerabilities that could result in a breach of Protected Health Information (PHI). Even if your dental practice has never experienced a data breach, you are still required by law to conduct routine risk analyses.
Encrypt Electronic Protected Health Information
While encryption isn't necessarily a requirement for HIPAA compliance, it's still a good idea to apply it when storing and managing Electronic Protected Health Information (EPHI). Encryption doesn't prevent other users from accessing the data; rather, it prevents them from reading it. To read the encrypted data, a “key” must be used. The bottom line is that encryption offers one of the best ways to protect sensitive data from unauthorized use.
Assuming workers have access to EPHI via computer systems and networks, each of these workers must be given a unique login. The purpose of this is to identify who's accessing what data and at what times. Dental practices that fail to comply with this rule could be found in violation of HIPAA if they are ever audited.
Of course, you should also implement the necessary safeguards to protect PHI from unauthorized use. This includes a combination of physical, technical and administrative safeguards. Implementing only one type of safeguard is a serious mistake that will increase the risk of a data breach.
Disposal of Protected Health Information
How does your dental practice dispose of PHI? If you simply toss paper PHI into the garbage can or dumpster, you could be subject to fines, corrective actions and other penalties in the event of a HIPAA audit. PHI must be disposed of in a manner that completely destroys the data so it cannot be reproduced.
To learn more about the disposal of PHI, check out the official Department of Health and Human Services (HHS) website at http://www.hhs.gov/hipaa/for-professionals/faq/disposal-of-protected-health-information.