Protect Your Patients, Protect Yourself
As dental offices look to store greater amounts of their practice information electronically, a reliable backup method is crucial.
The HIPAA Security Rule, which took effect in April 2003, addresses electronic protected health information (e-PHI). It established national standards to protect individuals’ e-PHI and requires the implementation of administrative, physical, and technical safeguards.
All HIPAA-covered dental practices must have a data backup plan as part of their contingency plans. The data backup plan must include “procedures to create and maintain retrievable exact copies of electronic protected health information.” A covered practice must also be able to fully restore any loss of data. It is recommended that you use a service that encrypts your backup data.
Although encryption is not mandatory, it must be implemented if “after a risk assessment, the entity has determined that the specification is a reasonable and appropriate safeguard in its risk management of the confidentiality, integrity, and availability of e-PHI.” If you choose not to encrypt data, you must implement a solution that is both reasonable and appropriate.
Storing a backup offsite can help ensure that, in the event of a natural disaster (fire, tornado, flood, etc.) or theft, electronic dental records will be recoverable. Online backup services that run automatic incremental backups can help keep those records current. If a dental office needs to recover data, the process can be quick and secure, and the office can resume normal operations with minimal disruption to patients or the practice.
If you are covered by HIPAA, you must have written procedures for your data backup and recovery plan. In addition, a covered dental practice is required to implement procedures for periodic testing and revision of its contingency plans.
Penalties for failure to comply with HIPAA standards can be severe. They are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision.
Consult your backup provider and confirm that they maintain HIPAA-compliant standards. More information on Health Information Privacy can be found on the U.S. Department of Health & Human Services website. You can also view their security risk assessment tool.