#1) Improper Disposal of Paper Files
Tossing old files in the trash isn't enough to protect patients' privacy and security. There are countless 'dumpster diving' cases in which crooks steal sensitive patient data by scouring the dumpsters and trash receptacles of dental offices. Unless you want to be on the receiving end of a HIPAA fine (or other consequences), it's recommended that you use a paper shredder when disposing of documents.
#2) Overlooking Physical Safeguards
HIPAA states that dental practices, as well as other healthcare facilities, must implement both technical and physical safeguards to protect sensitive patient data. Unfortunately, many dental practices focus strictly on technical safeguards like encryption, overlooking the physical element altogether.
“The security rule states that health care offices must use both physical and technical safeguards to control access to patient information that is in electronic form,” wrote the American Dental Association (ADA). So, what exactly is a physical safeguard? An example of a physical safeguard is a locked door leading to the room in which the practice's computer is stored. Another example is a locking mechanism on a file cabinet.
#3) Expired HIPAA Documents
Another all-too-common HIPAA mistake made in dental practices is failure to check documents' expiration dates. If the expiration date or expiration event on a document has already passed, the authorization will be deemed defective. So whether you're expecting an audit or not, try to get into the habit of reviewing your HIPAA documents on a regular basis to ensure they are up to date.
#4) Office Gossip
Practically all workplaces, dental practices included, experience gossip. Workers may talk about their personal lives, or they may discuss various patients who entered the practice. While this type of casual gossip may seem harmless enough, it crosses the line when it involves patient information. Make sure your employees know the boundaries of what type of gossip is acceptable and what type can land you a HIPAA fine.
Let me start off by saying there's no rule against the use of email to send patient information. However, there are a few rules dentists and other healthcare providers must follow to ensure they stay within the boundaries of HIPAA. According to HIPAA standards, all emails containing patient information must be encrypted. Doing so prevents prying eyes from reading an intercepted message. Sending emails with patient information over unencrypted email hosts isn't compliant with HIPAA and could place your practice in hot water.