To meet HIPAA audit control requirements, dental practices must, “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”
Requiring each employee to use unique login credentials to access systems allows data access patterns to be established for each employee. Since audit controls require data access to be tracked, they enable quick detection of, and response to, unauthorized ePHI access.
To meet HIPAA transmission security requirements, dental practices must, “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”
- Integrity Controls: prevents unauthorized alteration or destruction of ePHI.
- Encryption: prevents unauthorized access to ePHI by encoding text so that it can only be read by users with a decryption key.
To meet HIPAA contingency plan requirements, dental practices must, “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.”
- Data Backup Plan: establishes and implements procedures to create and maintain retrievable exact copies of ePHI.
- Disaster Recovery Plan: enables ePHI to be quickly restored in the event of a breach or other incident.
- Emergency Mode Operation Plan: enables continuation of critical business processes for the protection of the security of ePHI while operating in emergency mode.
Security Awareness and Training
To meet HIPAA security awareness and training requirements, dental practices must, “Implement a security awareness and training program for all members of its workforce (including management).”
- Security Reminders: reminds the workforce of current policies and procedures.
- Protection From Malicious Software: reminds employees of the organization’s security software that is used to protect against malicious software.
- Login Monitoring: addresses how users log onto systems and how they are supposed to manage their passwords.
- Password Management: requires organizations to train all users and establish guidelines for creating passwords and changing them during periodic change cycles.
Compliancy Group is Endorsed by the ADA
Did you know that Compliancy Group is the only HIPAA solution endorsed by the American Dental Association? By working with Compliancy Group and earning your HIPAA Seal of Compliance, you carry third-party verification and validation that helps differentiate and elevate you from your competitors.
Work with us and we’ll connect you with dental IT support that you know will have your back!