‘Authentic Frontier Gibberish’

Publication
Article
Dental Products ReportDental Products Report February 2021
Volume 55
Issue 2

In Part 4 of this series, Lorne Lavine, DMD, discusses the importance of encrypting your data and how consequential not doing so can be to your dental practice.

EGOKHAN / STOCK.ADOBE.COM

I have seen many incorrect assumptions and statements about encryption, so I wanted to tackle the most common misconceptions here:

1.Encryption isn’t mandatory. This is simply not true. If you look at the Health Insurance Portability and Accountability (HIPAA) laws, there are essentially 2 types of rules: required and addressable. Required is cut and dried: You must do it. Addressable is a bit more gray, but not that difficult to understand: If it’s reasonable and appropriate, you must do it (emphasis mine). If it is not reasonable, then come up with an alternative or document why you don’t think it’s required. This is not a get-out-of-jail-free card, because it all boils down to that reasonable and appropriate statement. You have to be able to prove that based on current standards, the requirement isn’t reasonable, and as you’ll see below, that’s a hard argument to make.

2. There are no consequences if my data isn’t encrypted. Even if we ignore the HIPAA requirement, this would be a significant mistake. Although much of HIPAA is somewhat ambiguous, the Breach Notification Rule is not: If you suffer a breach, then by law you must notify your patients in writing, alert the local news media (in certain cases), and be listed on the HHS “Wall of Shame” (if your breach affects 500 or more individuals). Getting back to that get-out-of-jail-free concept, it actually does exist, but only in this specific case: If your data is encrypted, then you are exempt from that breach notification. For this reason alone, it’s almost impossible to not justify encrypting your data. Another fun fact is that most (but not all) ransomware viruses have difficulty attacking encrypted files, so you reduce your chances of a ransomware infection if the data is already encrypted.

3. It’s too expensive to encrypt my data. Well, considering that it’s free, good luck with that argument! If yours is like most practices, you can and should be storing all your data on your server. With Windows Server 2008 no longer being supported and patched (and, thus, a HIPAA violation), you should be using either Server 2012, 2016, or 2019 as your server operating system. And every one of those operating systems (including Windows 10) has a built-in encryption software called BitLocker. It’s part of the system and costs nothing to activate. Unless you have extensive information technology (IT) experience, you’re better off having an IT specialist set it up for you and document it, but compared to the downside of declaring a HIPAA breach, it’s worth every penny.

4. Encryption will slow down my network. This may be true in theory, but the real-world consequences are almost impossible to detect. Decryption occurs on the fly, and modern processors handle this very quickly. For example, if it normally takes 1.5 seconds for your practice management system (PMS) chart to open, if the data is encrypted it may now take 1.6 or 1.7 seconds. Those are just random numbers; whatever slowdown might occur will be so negligible that you really won’t even be aware of it.

There is no good excuse for not encrypting your data. It’s a HIPAA law, it protects your data from infection, and it’s free. Above all, it protects the practice from having to declare a breach, which would be devastating to any dental office.

[ Editor’s Note: The Authentic Frontier Gibberish headline is a reference to the 1974 movie “Blazing Saddles,” directed by Mel Brooks. ]

Recent Videos
GNYDM24 Product Focus: Josh Gosnell, Vice President, Business Development at Adit, explains how cloud-based analytics and patient communication software can enable practices to run more efficiently.
GNYDM24 Product Focus: Debra Engelhardt-Nash talks about how Weave's systems can help with increasing patient acceptance and with practices getting paid.
At DS World 24, Max Milz, Dentsply Sirona VP, Connected Technology Solutions, talks about the company's new Primescan 2 intraoral scanning solution and how it fits in with a variety of digital dentistry workflows.
At Dentsply Sirona World 2024, Henry Schein's Matt Kunzler talks about the brand new innovations from Dentsply Sirona, including Primescan 2, a first of its kind cloud native scanner, as well as Henry Schein's flex financing solutions.
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
Mastermind Episode 33 – Charting the Course for the Future of Dentistry
CDS 2024: What's New at TAG University? with Andrew De la Rosa, DMD
CDS 2024: Breaking Down Barriers to Care with Eric Kukucka, DD
© 2024 MJH Life Sciences

All rights reserved.