How to Bring Your Dental Practice Out of The Dark Ages While Remaining HIPAA Compliant

Kristen Bowie
Curogram
Jul 8, 2017

In the world of dentistry, HIPAA is a part of daily life. (If it isn’t, your dental practice has bigger problems than this blog can answer!)

HIPAA controls and regulates the ways that we, as medical professionals, communicate, keep, use, and disclose patient information. But not everyone realizes that HIPAA also restricts the way dental practices can use text messaging and email to communicate with patients.

Not only does it apply to patient communication, but it also applies to when you communicate with other medical professionals about patients. One aspect that many dental professionals don’t realize? HIPAA also regulates when a dentist emails patient records from a work account to a personal one — even if the dentist is doing so simply to finish up work from home.

HIPAA regulates emails, but it doesn’t prohibit them — there are just special security measures dentists must take when doing so. Dentists must obtain consent from patients in order to send personal information over unsecure networks — doing so without patient consent can violate HIPAA.

Dental practices should be making HIPAA compliance a priority — failure to do so can result in severe consequences to the dental practice. If protected information is disclosed in a way that does not comply with HIPAA, the dentist may be required to notify the affected individuals, the federal government, and if more than 500 people are affected, the media. Add in the fact that the federal government is stepping up HIPAA enforcement, and you could be looking at a very messy, expensive problem if you’re found in violation.

How to Get It Done

Dental practices need to make sure staff is following rules to remain HIPAA compliant. To get started, here are two things you can reinforce with staff:

HIPAA applies specifically to the storage and disclosure of a patient’s protected health information that can reasonably link to a specific, identifiable individual.

‘Password protected’ is not the same as ‘secure’ or ‘encrypted.’ Encrypted information is stored as scrambled code, whereas a password is just a gate between users and the raw information.

How to Use Email and Text While Remaining HIPAA Compliant

1. Managing emails to others within the same practice

At this point, the majority of dental practices have a secure server and network. Emails between staff at these practices can include a patient’s protected health information and still be HIPAA compliant. However, if your practice uses a web-based client like Gmail, you cannot email a patient’s information to another person within the organization while remaining compliant.

2. Managing emails with people outside of the practice

Any emails directed to people outside of your dental practice should not include any protected health information or have any records attached — unless an email is encrypted or sent through a secure messaging system. As a measure of best practices, dentists should not use emails to communicate with any outside providers about an identifiable patient without taking extraordinary security measures.

3. Managing emails to personal email accounts

You cannot send emails that contain protected health information from a work email account to a personal one. If you need to take work home, consider using a VPN service or an encrypted flash drive.

4. Managing text messages with non-patients

Unless a provider has a secure messaging platform, text messages are neither secure nor encrypted. Texts are easily intercepted, often sent to an incorrect number, and can be stored indefinitely on third-party wireless service provider servers. This being the case, texts should not include a patient’s protected health information.

5. Managing emails and texts to patients

More and more, patients want dentists to communicate with them using email and text. The easiest way to accommodate these patient requests is to use an email or text messaging system that encrypts messages.

You could also ask for patient consent to the use of unsecured emails or texts, but this would require careful wording in paperwork. If you want to make it easier on staff, your practice, and your patients — allow Curogram to do the heavy lifting. Speak to one of our onboarding specialists today.
