This dental practice compliance article will highlight what dental practices need to know for HIPAA dental compliance and if their dental policies and procedures are still HIPAA compliant. We will also outline what dental practices must do to keep their homes on high ground as cyber security threats continue to evolve and dental privacy risks become even greater each year that passes us by.
HIPAA SECURITY RISKS: CYBER THREATS & DENTAL PRIVACY BREACHES
While hackers don’t usually target dental practices, dental records can be sold for $20/record on the black market. The increased availability of dental records makes dental privacy breaches more likely than ever, especially now that hackers are making dental health insurance cards the target.
That means dental offices must take steps to ensure they are HIPAA compliant in 2022 or risk losing homes-on-high-ground to attackers.
CYBER SECURITY RISKS IN DENTISTRY
Healthcare organizations are under greater pressure to demonstrate HIPAA compliance than ever before because there are more cyber security risks now than ever before. Those dental offices that do not take cyber security seriously are leaving their personal data unprotected and at risk of being hacked, which can lead to fines for dental practices, as well as lawsuits filed by patients who have had their dental records stolen or exposed. If your dental office was hacked, would you know? Read this article about dental patient data breaches.
WHAT’S NEW WITH HIPAA COMPLIANCE?
There has been a lot of change since the first dental practice HIPAA compliance article was published four years ago. For dental practices, HIPAA has become a maze of dental privacy policies, dental records retention, and dental security rules that blend into one another — making it difficult to know if dental practices are HIPAA compliant or not? Let’s summarize what dental offices need to do by 2022:
DENTAL PRIVACY POLICIES:
Dental policies and procedures need to be updated because new dental privacy rules were introduced in 2017. The biggest dental change for 2022 is that all dental providers who create, receive, maintain or transmit electronically protected health information (ePHI) must implement access controls on ePHI, including the ability to authenticate users and specify which users have access to ePHI within dental practices.
Dental providers must designate dental staff with “privileges” to access ePHI, dental provider portals, and records management systems. Privileged users can be dental support staff or dental IT personnel — but it is important that dental providers clearly define who has access privileges when they are hired because HIPAA compliance audits need the ability to determine who has privileged access when investigating security risks.
DENTAL RECORDS RETENTION RULES:
The two biggest dental changes for retaining dental records are regarding medical image storage between 2016-2018 and 2022, including x-rays, MRIs, ultrasounds, etc… What’s different now in 2018 is that dental practices are required to retain all dental digital images (x-rays) on a dental server or device that is onsite at dental offices.
Suppose dental practices outsource their dental records storage. In that case, they need to make sure dental providers understand HIPAA compliance best security practices for storing images, encrypting data, and the importance of HIPAA compliant backups.
DENTAL SECURITY RISKS:
In 2016, there were two big changes regarding HIPAA privacy and security rules because the Office for Civil Rights said it was going to focus on ‘big picture’ cybersecurity risks instead of focusing primarily on intentional misconduct by bad actors. As a result, OCR launched 22 new proactive investigations into healthcare organizations suspected of not being HIPAA compliant with computer security.
Fast-forward three years, and dental practices are still struggling to implement basic network security concepts, let alone upgrade their dental IT infrastructure with breach detection tools that include security event monitoring, vulnerability scanning, and endpoint protection.
Right now, dental providers should be focusing on prioritizing dental staff training via interactive web-based courseware, which would mean dental practices need to consider using an accredited training vendor.
WHY DENTAL PROVIDERS SHOULD BE HIPAA COMPLIANT
The dental practice is required to be HIPAA compliant in 2022 because the penalty for dental providers who continue to fail at protecting ePHI is an OCR fine
By 2022, dental offices with ten employees will average nearly 4 million dollars in fines if they fail at being HIPAA compliant or if they have a data breach involving unencrypted PHI and x-rays between 2016 and 2018. Some experts predict healthcare organizations might payout record numbers of fines this year, so dental practices need to realize that with every new dental privacy rule, there are mandatory compliance training requirements — and dental practices might need to bring in dental IT consultants, HIPAA compliance auditors, and security consultants if they fail at protecting dental records.
OVERALL HIPAA COMPLIANCE TIP FOR 2022
By becoming HIPAA compliant now dental practices will save money on dental compliance fines, and they’ll also help avoid the embarrassment that dental practices experience when dental records are breached.