WHAT HAPPENS IF MY DENTAL PRACTICE IS NOT HIPAA COMPLIANT?

WHAT HAPPENS IF MY DENTAL PRACTICE IS NOT HIPAA COMPLIANT?

What you don’t know can cost you money, put patient data at risk, and damage your reputation.


One of the questions I’m asked most frequently by dentists and dental practice managers is, “Why do I need your service?

In addition to keeping your technology up to date and your office running smoothly, at Darkhorse Dental IT we:

  • Design, install, and maintain your dental office technology
  • Protect your business and patient data
  • Provide your practice with consistently reliable IT service and support
  • Ensure your office is secured properly and compliant with HHS, HIPAA, and HiTech Rules for healthcare providers

The last bullet point is especially important because the number of practices that don’t know what it takes to properly protect their dental office(s) in today’s digital world is alarming. In fact, almost 99% of the offices we evaluate, prior to our service and set up, are not set up properly to protect the practice and adhere to current healthcare provider laws and guidelines.

In this article, I’ll provide some general guidance and information to help you understand compliance requirements for dental practices and the potential consequences of non-compliance.

WHAT ARE THE LAWS/GUIDELINES REQUIRED FOR MY DENTAL PRACTICE?

I am also frequently asked what specific laws/rules are required and how to follow them. Well, over the years I developed a sort of cheat sheet that I reference to help explain to dental offices why we implement all the compliance and security protocols that we do. And for the first time ever, in this blog, I am going to share this with our readers.

There are several rules in the HiTech security requirements. We have analyzed each of these and their impact on dental practices. Here are my top five compliance and security rules along with a simplified breakdown of each rule and what they mean to your dental practice:


MY TOP 5 COMPLIANCE AND SECURITY RULES

1) Rule: HIPAA Security Rule 45 C.F.R. § 164.308 (a)(5)(ii)(B) specifically requires updated patches on all systems.

Breakdown: All hardware/software must be up to date with security patches in place. This is the rule that states Server 08 and Windows 7 operating systems in a healthcare environment are not compliant because they no longer receive updates for security from Microsoft. This is also the one that states your Dentrix, Eaglesoft, Open Dental, etc. should be running on the latest stable version.

2) Rule: HIPAA Security Rule 45 C.F.R. § 164.308(a)(7)(ii)(A) Data Backup Plan, 164.308(a)(7)(ii)(B) Disaster Recovery Plan, 164.308(a)(7)(ii)(C) Emergency Mode Operation Plan.

Breakdown: You must have backups of your data that are secure and protected, and you must have a disaster recovery plan. Therefore, if there is an office catastrophe/disaster, your recovery plan can be enacted, and emergency operations can be set up.

3) Rule: HIPAA Security Rule 45 C.F.R. § 164.312(b) (also known as HIPAA logging requirements) requires Covered Entities and Business Associates to have audit controls in place.

Breakdown: Access controls and audit trails need to be in place to keep Protected Health Information (PHI) secure.

  • NOTE: This can only be accomplished by managed firewalls, managed antivirus, activity logs, and a domain controller.

4) Rule: HIPAA Security Rule 45 C.F.R. § 164.312(c) Workstation security. Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.

Breakdown: Data must be always protected by best efforts.

5) Rule: HIPAA Security Rule 45 C.F.R. § 164.312(c)(i) Disposal (Required). Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.

Breakdown: Old equipment that has PHI on it must be disposed of properly and documented.

  • Our company provides a complementary, environmentally friendly, NIST- and HIPAA-compliant PHI e-waste destruction.

WHAT ARE THE SPECIFIC VIOLATIONS AND PENALTIES?

Several times, someone whose practice was non-compliant has said, “Well, I just didn’t know.” Unfortunately, this is similar to when a police officer pulls someone over for holding their cell phone while driving in Georgia; “I didn’t know” is not an acceptable response, and the driver is in violation of the law.

When it comes to HIPAA requirements for healthcare providers, a lack of understanding is not an acceptable rationale, and the consequences for non-compliance can result in potentially large financial penalties and damage to a practice’s reputation.

Here are the four tiers of HIPAA violations and penalties as follows:

Note that “per violation” could mean each record, in the event of a records breach; additionally, a breach doesn’t have to occur for the Office of Civil Rights (OCR) to fine an office negligent.

THE HIGH PENALTY OF NON-COMPLIANCE

In addition to the monetary penalties, there are a number of additional consequences that can result from non-compliance. A breach and/or non-compliance violation can be damaging to the dental office’s reputation. It can be hard to distance negative blemishes on the practice once these have incurred, and it can have a long-lasting negative impact to the business – in fact, for large breaches, the Office of Civil Rights maintains a publicly-available list, including the practice name and the nature of the violation.

For example, I know of a local practice that was the victim of a cyberattack in 2016 in which a hacker obtained the PHI of over 200,000 patients. The Office of Civil Rights conducted an investigation and determined negligence, resulting in a $1.5 million fine to the practice. Although the practice did not intentionally violate security protocols, their lack of understanding and compliance cost them severely.

Dental practices cannot afford to risk their financial stability and their reputation due to a lack of knowledge and compliance. To see if your dental practice is following HIPAA best practices and security standards, please contact us for a free evaluation: darkhorsetech.com/contact


HOW DO I PROTECT MY DENTAL PRACTICE?

As a healthcare provider, dental offices are legally required to follow specific security rules and guidelines. While it can seem overwhelming to understand and comply with all of these requirements, it doesn’t have to be. We can manage this for you. Darkhorse Tech has been specializing in dental office security and technology for more than 12 years, and we are dedicated to ensuring your office is safe, secure, protected, and running smoothly.

The purpose of this article is to provide you with some guidance and additional knowledge to make informed decisions regarding your practice, because what you don’t know can hurt you when it comes to security and HIPAA compliance. I hope you found this information beneficial. As always, feel free to reach out to us with any questions. We’ll also be happy to provide you with a complimentary office evaluation to find out if your office is in compliance and running as efficiently and profitable as possible.

Darkhorse Dental IT Is Here For You

We understand that caring for your patients is your top priority. Dealing with a computer issue, slow IT response time or HIPAA compliance requirements just aren’t high on your list of to-do’s. That’s where Darkhorse Dental Tech comes in. Our team of Dental IT specialists are experts when it comes to running a great, secure and successful practice —and so much more. Whether you’re looking for IT services for startups, or existing support and security services for your practice, Darkhorse can do it all for you, so you can get back to your patients.

Have questions? Looking for ideas? Just want to talk teeth? Drop us a line at sales@darkhorsetech.com to get the conversation started! Or head to our Contact page to send us a message. Don’t forget to follow us on Instagram!

Dental IT Support, Dental Startups, Dental IT Support New York, Dental IT Support Texas, Dental IT Support North Carolina, Dental IT Support Raleigh, Dental IT Support Charlotte, Dental IT Support Wake Forest, Dental IT Support Florida, Dental IT Support California, Dental IT Support Pennsylvania, Dental IT Support New Jersey, Cloud Dental Solutions, Dental Technology.

Back to Education

Looking to get dental IT support for the first time?

You’re in the right place.

Don’t hesitate to drop us a line, we look forward to connecting with you soon.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Want To Chat?

You can schedule an intro meeting online! Find a time on our calendar that works for you.

schedule today!
(800) 868-4504
CONTACT

(800) 868-4504

sales@darkhorsetech.com

CONNECT
Resources
Services
Key Areas
CONNECT
© 2023 Darkhorse Tech
Privacy Policy