How to Secure your Dental Practice's Server

Pat Little, D.D.S., FAGD, CFE, is a dentist who has reinvented himself as an expert on dental fraud and patient data security. His companies, Dental Risk Concepts and Prosperident, have ferreted out numerous dental practice fraudsters and helped dentists stop patient data loss. In this clip, Little explains what you need to do with your dental practice’s server to stay HIPAA compliant and keep your patient data safe.

Interview Transcript (Modified for Readability)

“When it comes to server security, one of the things that we really want to stress — and this is actually part of the HIPAA risk assessment as well – the server should not be sitting out in the open where someone can see it or get to it. The server is supposed to be secured, ideally in a separate room that’s locked. If it can’t be secured in a separate, locked room, get with an IT company and make sure that it’s literally in a server cage that can be bolted to the wall or bolted to the floor. My recommendation is, if you have the room in the office, have a separate room for the server and also have it bolted down.

RELATED: More Advice from Pat Little

· The Common Ways Dentists Cause Patient Data Breaches

· The First Thing Dentists Should Do to Stop Identity Theft

· Why Dental Charts are Especially Appealing to Identity Thieves

Because if there’s a data breach, what HIPAA is going to look at is, did the doctor take reasonable precaution to protect that data? If the server was just sitting out in the open, that’s not reasonable precaution. Having it locked in a separate room? That might be considered reasonable precaution. But having it in a separate room and bolted down in some manner, that is taking reasonable precaution at that point.

Mainly, the doctor just wants to think about safety. How can the doctor take reasonable care to protect patient data. Taking care of the server is probably job one.”

Discover more Dentist’s Money Digest® videos here.