The terms "data loss" and "data breach" are enough to send a chill down the spine of any dental office. And for good reason. Legal fees, remediation costs, restitution, fines and negative media exposure can be difficult to recover from and can have a lasting effect on your practice. In short, you need to protect not only your bottom line, but also your privacy and your reputation.
The serious risk associated with data loss or a breach is why HIPAA requires you to conduct a Security Risk Assessment (SRA) once a year. Conducting the SRA properly is the first step in identifying potential information security risks; you can then improve your practices and keep them up to HIPAA standards by implementing solutions.
In general, a valid SRA provides a wide range of analyses to assess data collection and storage, potential threats and vulnerabilities, current security measures, and the likelihood and potential impact of threats. Depending on the unique needs of your practice, additional evaluation may be required. An organized report on the outcome of the assessment is also needed. For example, a dental clinic will need to examine and document the following areas of practice as part of the SRA:
Review the inventory of protected health information (PHI) to determine where electronic and other data are located
Review the three safeguards: administrative, physical and technical
Review practices based on the latest comprehensive rules
Assess current HIPAA compliance, including current safeguards and vulnerabilities and specific threats to safeguards
Assess existing security policies and procedures
For Dentrix users, read this Dentrix eNewsletter article to learn more about the types of security policies and procedures that can be implemented: 4 Tips for Solving Practical Security Threats
Although you can conduct your own SRA with the tools provided by the Department of Health and Human Services, many practices choose to hire third parties to conduct the SRA because they find the process complex and time-consuming. Others fear making mistakes or do not know the best path to remediation. Because your time may be better spent doing what you do best, focusing on your patients, let TechCentral partner ClearDATA help you avoid the stress by performing the SRA for you.
ClearDATA has performed thousands of successful dental assessments. Known for affordable, fast, efficient and comprehensive assessments, ClearDATA prides itself on exceeding the basic SRA requirements. For example, many evaluation providers neglect to review the three safeguards required by 45 CFR 164.308(a)(1), administrative, physical and technical, including the most recent comprehensive rules, which ClearDATA considers critical. ClearDATA's post-evaluation report is also comprehensive and auditable, and includes detailed vulnerability and remediation advice. Because the assessment uses the universal security framework and follows the HITRUST standard, you can be sure that the assessment you make with ClearDATA will be comprehensive and top-notch.