Is your data secure?
As health care providers, dentists are versed in HIPAA rules and requirements. But from a practical standpoint, you are a dentist, not an IT professional.
Last month, Front Desk looked at the vulnerability of computer systems in smaller dental practices and how – in some instances – cyber thieves consider them easy marks for hacking health records that can be sold on the Dark Web.
What to do?
There are options, which entail investigation and careful consideration, as well as financial investment.
Some dental offices have their own servers and information backup operations. In some cases, the dentist is savvy with technology and installs protections and security and monitors the system. Other offices may employ an IT person who handles computer installations, backup and troubleshooting.
But more and more healthcare offices are moving to the Cloud, which has grown exponentially in the last five years. Some Cloud data providers – Google, Microsoft and Amazon are a few of the big names – now provide HIPAA-compliant storage as well as suites of services for office use.
Andy Jensen, a vice president of Curve Dental, is a Cloud booster who argues it supplies better data security. He warns that computer hardware can be stolen by thieves who break into an office in pursuit of information to sell on the web. Cloud data is mainly stored at a professional data center with fencing, 24-hour on-site security and surveillance and more.
Another advantage, Mr. Jensen outlines, is a better defense against ransomware with Cloud storage. “With the cloud, your data is protected around the clock by software, systems, processes, and people whose number one task is to thwart, prevent, and monitor for unauthorized intrusion,” wrote in an article for Dental Economics.
Other benefits he cites are better virus and malware protections, better data backup and better data maintenance, all tasks that are important but can take away time from your main mission: practicing dentistry. Mr. Jensen has written a book about Cloud storage and also offers a downloadable worksheet – go.curvedental.com/ROI-worksheet-DE – to help dentists calculate the costs of in-house vs. cloud storage options.
Adelia Risk, a cybersecurity agency that works with regulated industries like financial services and medical and biotech companies, last year reviewed Cloud storage services, focusing on their HIPAA compliancy, reliable security features and availability of “business associate agreements” required by HIPAA.
Choosing the right Cloud provider will depend on the way your office uses data, whom you share information with, and the use of smart devices in your practice. For best all-around ease, security and value, Google Drive gets top marks from Ms. Risk as well as PC Magazine.
Ms. Risk also gives high marks to Microsoft’s Office 365/OneDrive and Amazon Web Services but stresses that proper data back-up is key, no matter who your provider is. Adelia Risk has some recommendations for that too, including programs sold by SpiderOak and Carbonite.
There is much to know – and research – about computer data storage, the Cloud, and HIPAA requirements. One source to get grounded in the basics is: https://electronichealthreporter.com/what-are-hipaa-compliant-storage-requirements Deciding among computer data storage options is a dry subject, but the trust your patients put in you to protect their health information – as well as federal legal requirements – make it an important topic worth understanding.
Photo by MF3d, https://www.istockphoto.com.
The views expressed in this column are those of the writer and not necessarily the opinions of the Chicago Dental Society.
CDS presents Front Desk, a column addressing issues facing dentists and staff members experience in the office.
Front Desk is prepared by Stephanie Sisk, a freelance journalist.