Dental office administrative staff are often overburdened with a multitude of tasks, especially of late, with staffing shortages across the country. These staff members are often required to wear many hats and are therefore more likely to fall victim to burnout. With their focus divided across several tasks, it is difficult for them to fully address the security needs of the modern dental practice. This is where dental IT support comes in. Rather than add to the burden of your administrative staff, why not look to a third party to handle your information security needs?
What is Dental IT Support?
The HIPAA Security Rule requires dental offices to implement safeguards to ensure the confidentiality, integrity, and availability of protected health information (PHI). While dental practices can easily meet some of HIPAA’s safeguard requirements on their own, there are many more complex safeguards that need technical expertise to implement.
Dental IT support is recommended to facilitate the implementation of the following safeguards.
Access Controls
To meet HIPAA access control requirements, dental practices must, “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.”
- Unique User Identification: enables administrators to designate different levels of access to data based on an employee’s job role, and to track access to data to facilitate the quick detection of unauthorized access to ePHI.
- Emergency Access Procedure: provides instructions on accessing ePHI when it cannot be accessed through regular means.
- Automatic Logoff: prevents unauthorized access to ePHI by logging out of systems after a period of inactivity.
- Encryption and Decryption: prevents unauthorized access to ePHI by encoding text so that it can only be read by users with a decryption key.
Audit Controls
To meet HIPAA audit control requirements, dental practices must, “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”
When each employee is required to use unique login credentials to access systems, data access patterns can be established for each employee. Because audit controls require data access to be tracked, they enable quick detection of, and response to, unauthorized ePHI access.
Transmission Security
To meet HIPAA transmission security requirements, dental practices must, “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”
- Integrity Controls: prevent unauthorized alteration or destruction of ePHI.
- Encryption: prevents unauthorized access to ePHI by encoding text so that it can only be read by users with a decryption key.
Contingency Plan
To meet HIPAA contingency plan requirements, dental practices must, “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.”
- Data Backup Plan: establishes and implements procedures to create and maintain retrievable exact copies of ePHI.
- Disaster Recovery Plan: enables ePHI to be quickly restored in the event of a breach or other incident.
- Emergency Mode Operation Plan: enables continuation of critical business processes for the protection of the security of ePHI while operating in emergency mode.
Security Awareness and Training
To meet HIPAA security awareness and training requirements, dental practices must, “Implement a security awareness and training program for all members of its workforce (including management).”
- Security Reminders: remind the workforce of current policies and procedures.
- Protection From Malicious Software: reminds employees of the organization’s security software that is used to protect against malicious software.
- Login Monitoring: addresses how users log onto systems and how they are supposed to manage their passwords.
- Password Management: requires organizations to train all users and establish guidelines for creating passwords and changing them during periodic change cycles.