10 Things Dentists Must Do to Secure Their Data

Publication
Article
Dental Products ReportDental Products Report March 2022
Volume 56
Issue 3

From formal risk assessments to encryption, here is a comprehensive list to ensure your practice data is safe.

©Feodora / stock.adobe.com

©Feodora / stock.adobe.com

Many of you who used to watch David Letterman are very familiar with his “Top 10 List,” a nightly segment where he counted down the top 10 things related to a specific topic. Although I wish my list was as funny as his usually were, that’s probably not the case, as what we are talking about is serious business. So, allow me to present a list of the top 10 things (in no particular order) dentists can do to protect their data.

1. You must do a formal risk assessment and have a Health Insurance Portability and Accountability Act (HIPAA) risk management plan in place. You wouldn’t treat a patient without doing a diagnostic workup and presenting a treatment plan, and HIPAA works the same way. You can’t know where you’re falling short of the rules, regulations, and best practices until you actually, you know, look.

2. Set up a secure and compliant backup and disaster recovery system. If a patient goes to 5 different dentists, they’re going to get 5 different treatment plans, and the same is true for dentists working with information technology (IT) providers. That being the case, your protocol at the very least should involve a local backup of the entire server (also known as an image), an offsite backup either to the cloud or hard drives that are taken home nightly, and regular testing and verification.

3.Keep all your software current and up to date. It’s not just smart, it’s the law and is called patch management. This is usually best done by an IT company. Although you can patch Windows on your own, I don’t recommend that. Most offices have dozens of software programs they use, and manually patching all of those on your own is complex and time-consuming.

4. Encrypt every device that contains electronic protected health information (ePHI). At the very least, this includes the server, but many offices add the doctor’s computer, office manager’s computer, etc. If it has a patient name, chart ID, date of birth, phone number, or any of 14 other identifiers, then it’s ePHI and must be encrypted and backed up. Fortunately, pretty much any computer built in the past 8 to 9 years already has a free encryption program, BitLocker, which is built right into Windows.

5. Speaking of encryption, you also must encrypt your online communications with patients and referring offices. Most of the better solutions will work with your existing email address, and you shouldn’t have to pay more than $40 to $50 per month for a good, encrypted email system.

6. Invest in a business-class firewall. A firewall keeps the bad guys (malware) from entering your network. Stay away from consumer-level devices, such as Linksys and Netgear. Instead, consider a firewall from companies like Sophos or SonicWall.

7. Firewalls are a great start, but they are not infallible, so you should have good antivirus software in place. Emsisoft, ESET, Trend Micro, Bitdefender—there are numerous good antivirus programs.

8. Although most antivirus programs say they are effective against ransomware, that isn’t always the case. Consider anti-ransomware-specific software, such as Intercept X or HitmanPro.

9. With many viruses being zero-day—meaning they are so new that your software won’t recognize them as a virus—you must consider using application whitelisting. Basically, all your good programs that are on the list can run, and any that aren’t on the list, such as viruses, get stopped in their tracks.

10. Finally, invest in annual training for you and your staff to stay on top of these security risks.

If your office follows all these top 10 items, you’ll be ahead of the game when it comes to meeting HIPAA laws and cybersecurity best practices.

Recent Videos
GNYDM24 Product Focus: Michele Gabriel of DDSmatch stops by the DPR booth at the Javits Center in New York.
GNYDM24 Product Focus: Debra Engelhardt-Nash talks about how Weave's systems can help with increasing patient acceptance and with practices getting paid.
2024 Chicago Dental Society Midwinter Meeting – Interview with Peter Maroon, business development and sales lead at Spectrum Solutions® on the new salivary diagnostic test, SimplyPERIO.
GNYDM23 Product Focus: Henry Schein Maxima Turbo Class B Sterilizer with Dyan Jayjack
GNYDM23 Product Focus: Henry Schein Maxima PowerClean 210 with Dyan Jayjack
Greater New York Dental Meeting 2023 — Interview with Ben Miraglia, DDS
Greater New York Dental Meeting 2023 – Interview with Crystal Spring, RDH, BS, LAP
Dental Product Insights: Keeping Up With Patient Communication Expectations – Part 4: Lighthouse 360+
Related Content
© 2024 MJH Life Sciences

All rights reserved.