The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides protection for patients’ health information and how it is handled by those who provide healthcare.
Following HIPAA guidelines helps protect PHI and your organization. Businesses that fail to do so may be responsible for consequences, including fines, if data is compromised (hacked, computer stolen or lost, etc.).
We are not HIPAA consultants, but we can keep you informed about how Open Dental can help you to be HIPAA compliant.
In this post:
- Your responsibility for HIPAA compliance.
- The definition of Protected Health Information (PHI).
- Using Open Dental’s built-in tools for HIPAA-compliant use of the software.
- Additional resources on HIPAA.
Your responsibility for HIPAA compliance:
The responsibility for HIPAA compliance falls to each dental office. It is up to you to make sure your practice is secure. Open Dental software is a tool to help you become compliant when used properly. You can find more on our webpage, HIPAA Compliance and Your Practice.
Defining Protected Health Information (PHI) as it relates to HIPAA:
Protected Health Information, in a nutshell, is individually identifiable health information. In other words, a list of treatment by itself isn’t PHI but when it also shows the patient name, it is then individually identifiable, and becomes PHI. Read the official definition of PHI here.
Open Dental has built-in tools to make sure you’re using your Practice Management Software in a HIPAA Compliant Way:
- Access to Data
- Each Open Dental user must have their own unique login that is password-protected. Passwords should not be shared. See our page on Security to get the login set up, and have each user create a secure password.
- Only Authorized staff should have access to Open Dental, and Protected Health Information.
- Displayed Data
- Do you have a schedule that is visible to patients?
If so, create a HIPAA view so that identifying information is not displayed. See our page on Creating Appointment Views and using the Kiosk feature to limit what patients see if they’re completing forms on a computer in your practice.
- Do you have a schedule that is visible to patients?
- Stored Data
- Your local server should be in a secure location and password-protected to prevent unauthorized access. If hosting your database in the cloud, make sure the provider is HIPAA-compliant.
- Any database backups should also be encrypted. Make sure you have a robust backup strategy – see our post on this here.
- Data in Transit
- Are you transmitting PHI (like treatment plans, statements, x-rays, etc.) via email?
If you’re not using encrypted email, WebMail inside Open Dental is a great way to send secure messages to your patients. You grant Patient Portal access to your patients, they access the Patient Portal to see secure messages (and so much more).
- Are you transmitting PHI (like treatment plans, statements, x-rays, etc.) via email?
Other Resources:
Here’s a link to the official government info. Subsection 164.308 (page 747 in the PDF) provides very specific information about security of PHI.
Categories: HIPAA Compliance, Your Software
HIPAA compliance is more important then ever because of the COVID uncertainty in these troubled times. Moreover, since everything is moving towards digital front, cyber attacks are surely going to rise. No one can afford losing personal information of the patients. Therefore, compliance with HIPAA standards is the key no matter even if it incurs some cost. The long-term benefits certainly outweighs current costs.
Thanks for your input!