Stay Secure, Stay Safe: Protecting Patient Information

Dental offices have become a prime target for security breaches and cyber-attacks in today's digital world. Once held securely in paper records, patient information is now vulnerable to hackers who can access sensitive data with a few keystrokes. To combat this growing threat, dental offices must proactively protect patient information and comply with the Health Insurance Portability and Accountability Act (HIPAA) regulations. Performing a comprehensive security risk analysis is a crucial step in safeguarding patient data and maintaining the trust of patients.


One of the first things dental offices need to do to protect patient information is to conduct a thorough security risk analysis. This process involves identifying and assessing potential vulnerabilities within the dental office's infrastructure, policies, and procedures. By performing a comprehensive risk analysis, dental offices can identify security gaps and determine the level of risk associated with each vulnerability. This information is essential in developing an effective security plan and mitigating potential threats.


To perform a security risk analysis, dental offices should conduct a detailed inventory of all the electronic systems, devices, and software. This includes dental practice management software, electronic health records, imaging systems, and other technology storing patient information. It is important to document each system's make, model, version, and location to ensure accuracy.


After inventorying the electronic systems, dental offices should assess the physical security of their premises. This includes evaluating access controls, surveillance systems, and physical barriers that protect patient information. It is vital to ensure that only authorized personnel have access to patient information and that measures are in place to track and monitor access.


Next, dental offices should evaluate their policies and procedures regarding data privacy and security. This includes reviewing employee training programs, user access controls, and password management protocols. Educating employees about the importance of safeguarding patient information and regularly assessing their knowledge and adherence to security protocols is crucial.


Furthermore, dental offices must assess the technical safeguards that protect patient information. This involves evaluating the encryption methods used to secure data during transmission and storage, as well as the backup and recovery processes in case of a security incident. Ensuring that all software and hardware are up to date with the latest security patches and updates is essential.


Once the security risk analysis is complete, dental offices should develop a comprehensive security plan that addresses the identified vulnerabilities. This plan should include measures to mitigate risks, such as implementing more robust access controls, encryption methods, and regular data backups. It is essential to regularly review and update the security plan to adapt to evolving threats and technology.


In addition to the security risk analysis, dental offices must comply with HIPAA regulations to protect patient information. HIPAA mandates that dental offices implement administrative, physical, and technical safeguards to ensure patient data's confidentiality, integrity, and availability. Dental offices must also designate a HIPAA security officer responsible for overseeing the implementation and monitoring of these safeguards.

To maintain compliance with HIPAA, dental offices should regularly train employees on the importance of protecting patient information and reinforce security protocols. In the event of a security breach, dental offices must have an incident response plan to mitigate the impact and promptly notify affected patients and authorities.


To help you perform this risk assessment/analysis, the Office of the National Coordinator for Health Information Technology (ONC) is an excellent resource for all healthcare systems. The ONC, located within the U.S. Department of Health and Human Services, is a federal entity responsible for coordinating efforts to implement and use the most advanced health information technology and electronic health information exchange. The two main focus areas of the ONC are to advance the development and use of health IT capabilities and to establish expectations for data sharing. This department developed a downloadable Security Risk Assessment Tool (SRA) to help guide you through conducting a security risk assessment that the HIPAA Security Rule requires. The assessment tool is available in Windows or Excel Workbook format. Both versions guide you through multiple-choice questions, threat and vulnerability assessments, and asset and vendor management. References and additional guidance are given. Reports are also available to save and print after the evaluation is completed. Webinars and training are also available on the website.


Security Risk Analysis/Assessment Tool


On a final note, protecting patient information is a legal obligation and vital to maintaining patient trust and confidentiality. Dental offices must prioritize security risk analysis and HIPAA compliance to safeguard patient data from potential security breaches. By implementing robust security measures and staying informed about the latest threats and best practices in data protection, dental offices can ensure the privacy and security of patient information. Using the Security Risk Assessment Tool is a simple way to gauge how well your office protects patients' electronically transmitted personal data. Stay secure, stay safe.


Maryanne Ferree RDH, BS, PHDHP

Maryanne Ferree, BS, RDH, PHDHP, CDIPC, from Pittsburgh, Pennsylvania, is a registered dental hygienist with over 39 years of experience. She has ventured into many facets of dental hygiene, including clinical care, public health, and education. She is currently a clinical faculty member in the Department of Periodontics and Preventive Dentistry at the University of Pittsburgh School of Dental Medicine, focusing her clinical teaching on Periodontal Instrumentation. She has been excited to step into the role of KOL and blogger to share her enthusiasm for infection control in the dental setting, OSHA compliance training, and periodontal disease therapy.