It’s called protected health information (PHI). But breaches of personal health data are on the rise, some shocking in the scope of human error involved. Like the dental practice that stored records at a secure storage facility, only to discover the storage provider misapplied payments and auctioned a unit – with no notice to the dentist. Or the dental practice that had two laptops stolen; both contained PHI, yet only one was encrypted.
In the first half of 2015, healthcare led all industries in security breaches – as it did in 2014. These statistics reinforce the belief that the healthcare industry is unprepared for cyber warfare. Data breach reports find that in 60% of cases, attackers can compromise a system in minutes.
As scary as that sounds, the biggest challenge the dental industry faces right now is its own inattention to physical security. A ClearDATA analysis of all dental practice-related breaches for the past 12 months confirmed that the majority of reported breaches were caused by physical theft.
Is the practice owner held responsible for intentional criminal breaches by outside parties? In the real examples cited above, the practices were deemed culpable. The unencrypted laptop was taken by a thief who easily pushed through an unsecured door. The dentist who lost his storage unit to auction, knowing that it contained valuable PHI, should have had controls in place to ensure his account was in good standing.
The nemesis here isn’t just the thief. It’s also the unrealistic expectation that dental professionals should manage impenetrable IT departments. Yes, they are responsible for data, but the actual mechanics of protecting PHI can and should be handed off to infrastructure and security experts, just like numerous other activities critical to day-to-day operations. It’s unreasonable to expect each practice to have an internal IT department able to comply with increasingly complex requirements, from unceasing HIPAA updates to the nearly 600-page Omnibus Rule.
Dental practices need IT help. They have too much to lose by leaving data vulnerable. Data breaches can ruin a dental practice’s reputation and finances, with fines potentially reaching past $1 million.
A third-party provider such as Henry Schein TechCentral can step in and immediately begin to strengthen security by performing a risk assessment – which comprehensively and clearly identifies where the gaps in security reside. In addition to storing, managing and securing healthcare data, TechCentral can educate the office on best practices for preventing physical theft. These can include:
Thieves are always looking for ways to steal valuable data. In the highly regulated, highly defended environment of a top-tier cloud services provider, all access can be restricted and documented right down to the user, application and file, with immediate detection of unauthorized access attempts. Meanwhile, the dental practice can turn its own focus back to caring for patients.
Contact TechCentral at 877.483.0382, option 1, or visit www.HSTechCentral.com/ProtectYourPractice to learn more about how a security risk assessment can protect, and even improve, your practice.
Chris Bowen is founder and chief privacy and security officer at ClearDATA, a healthcare-exclusive cloud computing platform and information security services provider.
The businesses listed here are not owned or controlled by Dentrix or Henry Schein and have created these descriptions of their company, products and services themselves. Dentrix and Henry Schein make no independent assessment of the above descriptions and consumers should contact these providers directly if seeking additional information about their products or services.