Security in the Dental Billing Industry
We read about security breaches almost every day, yet we don’t always recognize their importance when it comes to our own businesses. It can take some sobering facts for us to wake up to the idea that our information, or our patients’ information, can be stolen, often very easily.
Health care organizations, from hospitals to dental practices, account for almost a third (33%) of all data breaches across every industry, and are the single most targeted sector in the United States. The U.S. Department of Health and Human Services even estimates that 21 million personal health records have been compromised since 2009.
You might think that as long as you’re investing in the proper cybersecurity software for your business, your patient information is going to be fine, but it’s important to recognize the human element in all of this cyber talk. How often do your office employees simply throw away sensitive information in the office trash bin? Do you use company laptops, phones, or tablet devices that contain patient data? Once you’ve taken stock of just how far-reaching some of this incredibly private information is, you can better work towards ensuring it doesn’t end up in the wrong hands.
While the Health Insurance Portability and Accountability Act (HIPAA) requires certain measures to be taken in order to guarantee patient privacy and security, true protection starts in your office, with guidance, rules and regulations for the storage, distribution and disposal of sensitive private information:
- Don’t make your passwords potentially accessible to the public. Prevent employees from writing passwords on pieces of paper kept under keyboards, stuck on computer screens, or on sticky notes around the office. Encourage your employees to either memorize passwords or use a password manager application on their phone or computer.
- Make passwords more complex by using mixtures of capital letters, numbers, symbols, and nonsense words that require a dedicated password manager to store and retrieve. Your employees might grumble that it takes longer to do this, but the added level of security means that passwords don’t get written down or lost.
- Tell your employees to drastically limit personal screen time during office hours in order to best prevent accidental privacy compromises from websites that aren’t secure or have outdated security certificates.
- Make sure that your front office and other computers are out of public view, so that no one can take a look at what’s on the screen. Even seemingly innocuous desktop information can be a boon for those looking to pry into patient files or ledgers.
Every office is different, and you may need to discuss how to best implement these steps with your employees at a round table meeting with everyone present. Ensuring that rules are followed is essential to the security of your patients’ information, as well as compliance with HIPAA. Imparting this information should be one of your biggest priorities if it isn’t already. The peace of mind you gain, and the privacy you provide to your patients, are second to none.