Security in dental data: HIPAA and hacking
Thursday, October 05, 2017
Securing information like patient charts and files is a fairly universal precaution in dental offices. When it comes to their digital counterparts, however, the Health Insurance Portability and Accountability Act (HIPAA) has added a new wrinkle in the fight to keep medical information private.
Lulled into a false sense of security by years of analog file-keeping, older dental offices are particularly vulnerable to hackers. While these malicious cybercriminals weren't created by the dental field, they represent a threat that could potentially topple a smaller office.
Showing your teeth
Successfully fighting back against hackers starts with education, a tactic recommended by the American Dental Association in light of recent attacks. Per HIPAA mandate, a dental office must "implement a security awareness and training program for all members of its workforce," which includes creating a procedure for handling and securing sensitive digital information.
When your entire staff is aware of the dangers and the methods a hacker might use to gain access, they'll be better prepared to spot and prevent it. Medical and payment information is a lucrative opportunity for hackers, so make sure they come to the conclusion that your files are more trouble than they're worth.
Your digital procedures should also detail protocol for potential breaches, including which equipment should be shut down or disconnected, who should be contacted and what steps should be taken if ransomware — such as the infamous WannaCry virus — is used. For obvious reasons, any security procedures for these events should be printed and kept in a folder or binder near your office computers, rather than on the computers themselves.
Smart practices in the office
Even something as simple as a password-protected router or a separate patient router for Wi-Fi in the waiting room can be incredibly helpful in fending off hackers. Much like home invaders, digital thieves look for an easy target — if all of your patient and payment information is in the same database, it makes a tempting target.
Some hackers will even be bold enough to call your office directly. These criminals will pretend to be an IT worker or computer-selling service, hoping to get a receptionist to reveal exactly what type of computers are being used so they know how to break into the system.
If it's feasible, consider implementing a closed-circuit system of digital files, kept on computers that are not connected to the internet. Also, keep in mind that any devices with wireless connectivity — such as a Bluetooth printer or wireless keyboard — can potentially offer a way in for hackers.
Don't put yourself on the hook
You can't control when and where hackers strike, but if it's determined that you didn't take appropriate precautions prior to a digital attack, you could be violating HIPAA regulations. Even worse, each separate file stolen could be considered an individual violation, putting you at risk for penalties or even closure.
A documented training schedule for your entire staff will protect you against this liability, ensuring that you'll have peace of mind on several different fronts simultaneously. Take an honest assessment of your cybersecurity risk in the office as soon as possible — because rest assured that if you don't, a hacker will.
If you were a patient at your own practice peeking "behind the scenes," would you feel confident that your information was secure? If not, it may be time to put additional protections in place and look to retraining your staff.
- Impressive new smartphone apps in health and medicine
- Experiment reveals the ugly side of open-source journal industry
- The impact of marijuana use on oral health
- 5 must-track metrics for practice profitability
- 3-D printing and its impact on the medical implant industry
- Technology and medicine: Applying Google Glass in the medical field
- Supreme Court to decide future of teeth whitening industry
- Valentine’s Day woes? There’s an ICD-10 code for that
- Study: Patients prefer automated follow-up over human interaction
- Google wants marketing emails to act like webpages
- Tackle this: Flag football only until high school?
- Practice smarter: Putting it all together
- A simple food preservative may help some schizophrenia patients
See your work in future editions
Your content, Your Expertise,
Your Industry Needs YOUR Expert Voice & We've got the platform you needFind Out How