When it comes to protecting patient information, I think we can all agree that it’s best to err on the side of caution. After all, patients are the heart of dental practices, and giving them the best—and most confidential—care possible is essential to long-term success in the dental industry.
That’s why there are regulations in place to ensure that dental professionals maintain patient confidentiality. These are laid out in the Health Insurance Portability and Accountability Act (or HIPAA, as most of us know it) and guide dentists and their staffs as they handle sensitive patient information. Following HIPAA standards can be a challenge, though, as the list of what should and shouldn’t be done is exhaustive.
This is great for your patients, who want to feel secure in knowing that what they experience while in your capable care will stay between you and them. But it can lead to accidental violations you might not even be aware of. Here are a few common ways you or other members of your dental team may violate HIPAA standards without even knowing it.
Marketing and Social Media
While both are key to growing your practice and connecting with patients, marketing and social media use can lead to violations if you’re not careful. Sharing photos with patients in them without their permission—no matter how harmless they seem—should be avoided. And always be sure to check photos for anything that could reveal a patient’s condition or treatment. Plus, if you plan on using patient testimonials for marketing, be sure to have proper sign-off from the patient before sharing, and don’t edit their words to better fit the message you want to share.
As dental practices continue to become more integrated with technology, particularly with office software, it’s important to remember that data needs to be kept secure. This means not accessing patient information on personal devices, such as cell phones or tablets, and making sure that all devices that are connected to software with patient information are kept well organized. A lost device could lead to the leaking of confidential patient information—and serious legal trouble for a dental office. This is an especially important consideration if you have or plan on purchasing cloud-based office software.
Additionally, everyone on the staff should take the time to choose a password that isn’t obvious (like a birthday or a pet’s name) and never share it with anyone—even other team members. This helps prevent accidental sharing of passwords outside of the practice that could lead to a breach in data security.
If you’re running late to the office and want to quickly fill in your fellow hygienist on the patient they’ll have to care for until you arrive, it can seem like an easy solution to text her what she should know. But personal devices are known for being unsecured and at risk of hacking, so if you’re texting patient information to co-workers and someone is able to access it, you’ve just illegally disclosed patient information. That turns a simple and quick text into a HIPAA nightmare.
Furthermore, if you have patients whose oral health is affecting their systemic health, it can be helpful to collaborate with their primary care physician on treatment. But before you share anything about your patient with the other medical professional, you must get the patient’s consent. Going directly to their doctor—while seeming like the best thing for their overall health—is in direct violation of HIPAA regulations. So it’s important to always remember to get explicit permission before reaching out to other health care professionals.
How do you avoid these violations?
The best way to ensure your team remains compliant with HIPAA is to make compliance training about more than meeting your annual requirement. Instead, you should incorporate discussion of compliance, updates to standards, potential violation concerns and more into staff meetings on a regular basis. It can also be helpful to seek the help of a professional whose job is to help dental practices understand HIPAA and avoid costly but easily overlooked errors.
By taking these extra steps, you can help maintain compliance in your practice and rest easy knowing that you’re providing patients with the privacy and dependability they deserve.