A vital part of operating a successful dental practice is ensuring that all patient health records are protected and stored safely. With today’s technology, patient information can now be filed electronically, allowing for easy and efficient access to dental records. While it is a cinch to access and update patient information this way, it can also be easy to breach patient privacy if proper security systems and procedures are not in place.
Having electronic patient records makes it easy for dental office team members to update information quickly and efficiently. Health records stored electronically are classified as Electronic Protected Health Information (ePHI), which is defined as any information that is produced, saved, transferred, or received concerning health status, provision of care, or payment for health care that can be linked to a specific individual. Records categorized as ePHI are covered by HIPAA, the Health Insurance Portability and Accountability Act. All ePHI is housed in a secure system, making it easy to locate and access information at any time. This eliminates the need to keep hundreds of paper files, which are difficult to maintain and not very secure.
While electronic health records are much more efficient and secure, they do have the potential to be insecurely shared and stored if the proper precautions are not taken. Saving and storing files outside of a secure system or device is a violation of HIPAA. Simply leaving a patient’s file open and visible to public eyes on a computer screen can also be detrimental to their privacy. Furthermore, with the increasingly frequent use of online communication, it can be easy and tempting to simply reply to a patient’s e-mail or instant message regarding his or her dental information. However, common forms of online communication such as personal e-mail and social media are not secure places to share private patient information.
Dental support organizations (DSOs) have taken huge strides to ensure that supported offices have the systems necessary for keeping patient information secure. Heartland Dental, for example, has implemented a number of high-level security systems to make sure that ePHI is protected. A specialized enterprise systems and security team utilizes dozens of products and security measures that provide high levels of preventive and protective utilities. These include intrusion detection, data encryption and masking of sensitive data, computer forensics capabilities, application whitelisting, firewalls, antivirus software, and more. The team also regularly employs external HIPAA consultants who run HIPAA risk assessments and security remediation plans.