With plenty of distractions today, it’s critical to make sure dental patient records are well protected.
As I am writing this article, we continue to suffer through difficult times: COVID is still a major concern and the country is suffering through protests and social upheaval. Dental offices are under attack, but for different reasons. It is well-known that patient records are the highest value items on the black market, and with many offices more focused on PPE and patient safety than on their digital security, I am seeing a lot of practices that are at high risk.
While many dental offices are doing what they can to protect their data, most will require the services of an IT company to assist in that. Most dentists and staff just don’t have the training or the experience to manage the ever-changing landscape of HIPAA and cybersecurity. The problem, as evidenced in well-publicized ransomware attacks on dental offices in Wisconsin and Colorado, is that too many IT companies are themselves not following best practices and are putting their clients’ critical data at risk. If you are working with an IT company, here are a few of the questions you really should be asking them:
1. Is the IT company using 2FA to access their remote access portal? Most of us set up remote access to our clients’ computers so we can provide support, both during the day and after hours. It’s vital that we ensure that only our technicians, and not strangers, can access those portals. One way to do that is through 2FA, two-factor authentication, sometimes called multi-factor authentication. In a nutshell, whenever one of our techs attempts to access our portal, a code is sent to their cell phone that they must enter within a few minutes to access the site; without that code, they cannot get in. Another technique that some remote access portals use is IP restriction. Basically, every computer on the internet has a unique IP address, and you can set the portal up so that only computers with specific IP addresses can reach it.
2. Is this IT company testing your backups? Forget for a second that there is a HIPAA law that says you must test and verify your backups. Even without HIPAA, it’s important to know that your backup is actually working and that you can easily restore it should you suffer a disaster. It’s not enough to just see that the software says the backup was successful, because that report may not be valid; you need to confirm that you are actually backing up all necessary files and that they can be restored. Should your office ever suffer a ransomware attack, in many cases, having a good (and encrypted) backup is the only way to get your data back without paying a huge ransom.
3. Has your IT provider done a proper risk assessment and created a HIPAA Management Plan? As anyone who has suffered through a HIPAA audit knows, taking a quick 10-15 minute survey online isn’t even close to being adequate for a risk assessment. When a new patient comes in, you don’t start treating them based just on their medical and dental history forms (at least, I hope you don’t!).
You have to diagnose first—you take X-rays, do restorative charting, perio probing, etc. And, based on that, you then develop a treatment plan. Well, HIPAA uses the same method—how can you address the areas where your practice isn’t meeting HIPAA requirements until you actually look?
The point being, a risk assessment must include a thorough evaluation of your IT systems, and in most cases, your IT providers are the only people who can do this. Unfortunately, in my experience, many IT companies don’t provide that risk assessment or HIPAA Management Plan for their clients.
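To make question 2 concrete, here is an added example (not code from the article) of the kind of check an IT provider can run after a test restore: compare the backup archive against a manifest of the files the practice cannot afford to lose, and report anything missing or altered rather than trusting the backup software’s “success” message. The file names, contents and the tar.gz format are constructed for the demo; a real manifest would list the practice management database, imaging folders and similar.

```python
import hashlib
import io
import tarfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_backup(archive_bytes: bytes, required: dict) -> dict:
    """Check a tar.gz backup against {path: expected_sha256}.

    Returns which required files are present and intact ('ok'),
    absent from the archive ('missing'), or present but with
    different contents than expected ('corrupt')."""
    result = {"ok": [], "missing": [], "corrupt": []}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        for path, expected in required.items():
            member = members.get(path)
            if member is None:
                result["missing"].append(path)
                continue
            data = tar.extractfile(member).read()
            bucket = "ok" if sha256_hex(data) == expected else "corrupt"
            result[bucket].append(path)
    return result


def build_sample_backup(files: dict) -> bytes:
    """Constructed in-memory tar.gz standing in for a real backup set."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: what the office needs backed up (live copies) ...
SOURCE_FILES = {
    "pms/patients.db": b"patient-table-v12",
    "pms/schedule.db": b"appointments-2020",
    "images/xray_0001.dcm": b"DICM-full-image-data",
}
# ... versus what the backup job actually captured: one file never
# made it in, and the X-ray copy was cut short mid-transfer.
BACKUP_CONTENTS = {
    "pms/patients.db": b"patient-table-v12",
    "images/xray_0001.dcm": b"DICM-trunc",
}


def run_demo() -> dict:
    manifest = {path: sha256_hex(data) for path, data in SOURCE_FILES.items()}
    return verify_backup(build_sample_backup(BACKUP_CONTENTS), manifest)


if __name__ == "__main__":
    for status, paths in run_demo().items():
        print(f"{status}: {paths}")
```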
Many dental offices are paying substantial amounts each month to professionals to make sure that their practice is protected and secure. It’s never a bad idea to review that relationship to make sure you are getting what you need.