Protect data with a security risk assessment

Article

The terms data loss and data breach are enough to send chills down the collective spine of any dental practice. And with good reason. The legal fees, remediation costs, restitution, fines and negative media exposure can be hard to recover from and can have a lasting impact on your practice. In short, not only do you need to protect your bottom line, but also the privacy of your patients and your reputation.

The serious risk associated with a data loss or breach is exactly why HIPAA mandates that you conduct an annual Security Risk Assessment (SRA). A properly conducted SRA is the first step in identifying potential information security risks that you can then address by implementing solutions to improve your practice and keep it HIPAA compliant.

Generally speaking, an effective SRA provides a large scope analysis that evaluates data collection and storage, potential threats and vulnerabilities, current security measures and the likelihood and potential impact of threat occurrence. Additional assessments may be required, depending on the unique needs of your practice. An organized report reviewing the findings of the assessment is also required.

For example, a dental practice would need to examine and document the following areas of its practice as part of a SRA:

Review of PHI inventory to determine where electronic and other data is located

Examination of the three security safeguards: administrative, physical and technical

Examination of the practice according to the latest Omnibus rules

Assessment of current operations for HIPAA compliance, including safeguards in place, as well as vulnerabilities and specific threats to safeguards

Evaluation of existing security policies and procedures

Learn more about the types of security policies and procedures you can implement by reading this Dentrix eNewsletter article: 4 Tips for Addressing Security Threats in Your Practice

Although you can perform your own SRA through a tool provided by the Department of Health and Human Services, many practices are choosing to hire a third party to conduct their SRA because they find the process complicated and time-consuming. Others are worried about making mistakes or not knowing the best path to remediation. Since your time is likely better spent doing what you do best-focusing on your patients-let TechCentral’s partner ClearDATA help you avoid the stress by conducting your SRA for you.

ClearDATA has conducted thousands of successful assessments. Known for being affordable, quick, effective and comprehensive, ClearDATA prides itself on going above and beyond the basic SRA requirements. For example, many assessment providers overlook examining the three safeguards required by 45 CFR 164.308 (a)(1) - administrative, physical and technical, including the latest Omnibus rules, which ClearDATA considers essential to the evaluation. ClearDATA’s post-assessment report is also incredibly comprehensive, includes detailed vulnerabilities and remediation recommendations and is audit-ready. By using the Common Security Framework and complying with the Health Information Trust Alliance (HITRUST) standards, you can be certain that your assessment through ClearDATA will be comprehensive and top of the line.

Contact TechCentral at (877) 483-0382 or visit www.HSTechCentral.com/ProtectYourPractice to learn more about how a SRA through ClearDATA can protect, and even improve, your practice. 

 

Recent Videos
Mastermind 42 – Episode 42 – Getting Those 5-Star Reviews for Your Dental Practice Part 2
Mastermind – Episode 41 – Getting Those 5-Star Reviews for your Dental Practice
Mastermind – Episode 39 – Resolving Conflicts in the Dental Practice
Mastermind – Episode 35 – Finding Strength in Our Differences
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
Greater New York Dental Meeting 2023 – Interview with Aaidil Zaman of Wall Street Alliance Group
Greater New York Dental Meeting 2023 – Interview with Crystal Spring, RDH, BS, LAP
Dental Product Insights: Keeping Up With Patient Communication Expectations – Part 1: Communication Technology
Mastermind - Episode 31 - Retaining Dental Staff
Related Content
© 2024 MJH Life Sciences

All rights reserved.