If there's any aspect of a dental practice administration that could be considered "most important" while least likely to be front-of-mind, it would be compliance with HIPAA regulations regarding protection of patient information. A good portion of The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is dedicated to patient information protection from fraud and theft, and HIPAA compliance for dental startups is vital.
HIPAA regulations require you, as well as your business associates, to follow and develop procedures to ensure the security and confidentiality of patient health information when it is handled, received, shared or transferred. Regulations apply to all forms of protected patient information, including paper, electronic or even oral. The regulations also provide that only minimal health information necessary for the conduct of business is to be shared or used.
In past times, patient information could be secured in locked filing cabinets. With the advent of the internet and email, however, criminal activity such as unauthorized access and theft became increasingly possible, especially with medical and dental practices that weren't aware of security measures that should be taken. In short, unprotected or poorly protected patient information is at serious risk in the digital age.
The penalties for non-compliance with HIPAA regulations can be quite severe, involving serious fines, and penalties can be levied whether or not violations are intentional. Fortunately, the agency that issues such penalties, the Department of Health and Human Services' Office for Civil Rights (OCR), often resolves most cases through voluntary compliance. Ignorance of HIPAA regulations is, however, not taken as an excuse for violations. In other words, you really should not take chances.
Insecure email is a common method of non-compliance with HIPAA regulations. There are 4 tiers of email breach penalties. They are, briefly:
Tier 1-having no awareness that you were required to have HIPAA-compliant email. Penalties range from a warning to a fine of $100 for each email that contains protected health information, or a maximum of $25,000 per year.
Tier 2-You are aware of the need for HIPAA-compliant email, but you continue to send non-compliant email. You can be fined $1,000 per email containing protected health information, or a maximum of $10,000 per year. Your case may also be referred to the Department of Justice for possible criminal charges.
Tier 3-You use HIPAA-compliant email but do not follow its policies and best-practice procedures. In this case you can be fined $10,000 per offending email, or $100,000 per year, and again your case can be referred to the Department of Justice.
Tier 4-This is identical to Tier 3, except you refuse to correct your situation even after being warned. In this case, you can be fined $50,000 per offending email or a maximum of $1.5 million per year, along with your case possibly being referred to the DOJ.
How do you make sure your practice complies with HIPAA regulations? Studying up on all of the regulations, and then learning all about the technology required for compliance, can be quite confusing, time-consuming and frustrating. In fact, few practices really get it right and end up leaving themselves open to risk.
You can start by downloading Darkhorse Technology's free HIPAA compliance checklist. However, as HIPAA compliance specialists we would be happy to discuss what we do (or could do if you are not a client) to protect your data and maintain your HIPAA compliance.
The best method for HIPAA compliance for dental startups is to hire Darkhorse Tech, an IT company dedicated strictly to dental operations. Darkhorse has staff fully trained in HIPAA compliance, who can see to your HIPAA compliance measures while you do what you do best-operate a thriving dental practice.
Let's get started. Call us today at 800.868.4504 to schedule a HIPAA audit.
You can schedule an intro meeting online! Find a time on our calendar that works for you.
schedule today!