It seems that almost every day there are news stories about data breaches at large companies, like Home Depot and Anthem, to small organizations like Ozaukee County.
With the number of data breaches occurring and the amount of people affected by them, many dentists are worried that their information is not safe.
The first step dental offices can take is to complete a risk analysis as required by the Health Insurance Portability and Accountability Act Security Rule. Some offices choose to bring in a third party to help them complete the analysis, while others choose to do it on their own. There are many different ways to perform the risk analysis and no single method guarantees compliance. Here are a few risk analysis elements to keep in mind as you weigh your options:
- Assess current security measures
- Assess and document current security measures used to safeguard stored, received, maintained or transmitted electronic Protected Health Information (e-PHI).
- Determine the level of risk
- Once the assessment is completed, assign levels of risk for any threat or vulnerability discovered during the analysis.
- Finalize documentation
- Be sure to document everything found during the risk assessment and what steps, if any, the office took to reduce possible risk.
- Periodic review and updates to the risk assessment
- This is an ongoing process.
Even if your office is using firewalls, secure data back-up and other safeguards, the risk analysis and documentation is still required for organizations deemed covered entities under HIPAA.
For more specific information on HIPAA requirements, visit: www.hhs.gov/hipaa
The Digital Dental Record is your independent resource and trusted advisor for HIPAA-compliant business and technology solutions. Visit us at www.dentalrecord.com