By now, every dentist in the United States knows that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law designed to protect a subset of Sensitive Information known as protected health information (PHI). PHI is considered to be:
- Any information that can be used to identify a patient – whether living or deceased – that relates to the patient’s past, present, or future physical or mental health or condition
- Includes healthcare services provided and payment for those services
- Includes x-rays, drivers license number, social security number, relatives names, diagnoses, treatment plans, treatment notes, account numbers, biometric identifiers, etc.
Most doctors struggle with how to ensure cyber security in their facility. This is understandable because as dentists, we are not trained on setting up a secure system, nor do we have time to do so. Doctors also know that they have a variety of requirements for compliance with HIPAA regulations, and that non-compliance has the potential to result in citation, fine, and risk to their business. Some of these requirements include training your entire team and creating written policies/procedures for compliance with privacy and security provisions of the law.
An important first step is to make certain that you are working with a quality IT—one who is familiar with the proper way to set up a secure system that is loaded with PHI. If you are using an old college friend or a relative who “does a little IT on the side”—you may be vulnerable and are unknowingly placing your business at risk. You should choose a high quality, knowledgeable IT who understands network security. Once you have identified an individual or company that you feel may be the right fit, have them review the following checklist, letting them know that, while you are not a security expert, these are areas of concern that you have.
It is not difficult to comply with requirements for training and written policy. Your Henry Schein Dental Sales Representative can direct you to several quality training solutions and written programs, including the new Compli online system, designed to provide on-demand HIPAA, OSHA and Infection Control training.
Good luck in your HIPAA compliance efforts!
Karson L. Carpenter D.D.S. serves as President and CEO of Compliance Training Partners. He has over 25 years’ experience designing educational programs to bring dental facilities into compliance with governmental regulations including OSHA, HIPAA, and infection control.