ABYDE FOR NORTH CAROLINA MEDICAL SOCIETY MEMBERS

It's time for stress-free compliance.

Request a demo
  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

"The toughest part of HIPAA is complying with the rules. Abyde’s step by step system removes the complexity and therefore the worry of complying with the rules. Plus, Abyde reminds me to stay up to date, keeping me in continual compliance!"
Dr. Robert Bass
"The ease of the Risk Assessment is definitely my favorite. Abyde is very good at keeping us on track. The training programs are great as well."
Brenda Anderson
"I love how Abyde continually sends notifications to update information so we can stay current with all compliance issues. Above all, you will not find a more economical choice that provides all of the resources needed for compliance in your medical practice."
Amy Rogers

LATEST COMPLIANCE NEWS

HIPAA Compliant Password Management

Strong Passwords, Secure Patients: Protecting PHI in Healthcare

July 23, 2025   While Password123 might be easy to remember, it might not be the best password.  In our current healthcare landscape, intertwined with technology, from EHR systems to patient communication, it’s time to upgrade password security. A strong password and other layers of protection are key to keeping your practice’s logins secure and, ultimately, patient Protected Health Information (PHI).  Thorough password management might be the deciding factor in stopping a major breach.  Just look at the Change Healthcare debacle. Billions of dollars lost, systems crashed, insurance claims in limbo, and over 100 million patients exposed. At the root of this? Missing multi-factor authentication (MFA).  After major breaches caused by poor password management, it’s time to prioritize your passwords and adhere to best practices.   Ditch the Default Password Let’s face it. It’s tempting to use passwords everywhere. However, it’s a password security red flag.  When it comes to passwords, we recommend at least eight characters with several unique characters, including a number, an uppercase letter, a lowercase letter, and a symbol.  This enhanced security makes unauthorized account access more challenging. Also, if one account is compromised, the breach can be more easily contained than if all logins shared the same password. On that note, ensure all staff have their own logins. This isn’t just about stopping password sharing; it’s about giving your practice the power to keep a close eye on who’s accessing Protected Health Information (PHI) and quickly spotting anything out of the ordinary.    When in Doubt, Change it Out  We also recommend changing passwords at least three times a year, keeping account access current, and making unauthorized users’ access more difficult.  Regular password changes help mitigate risk if an older password is exposed in a data breach, and make it harder for hackers to brute-force guess your password. They also ensure that anyone who has lost access to your accounts, such as offboarded staff, cannot continue to access systems.  By consistently making password changes a part of your security routine, you create a dynamic defense that significantly reduces the risk of unauthorized access.   Your Password’s Best Friend: Multi-factor Authentication On top of having a secure and current password, having MFA enabled on all your accounts is key to keeping PHI safe.  Just like peanut butter and jelly, passwords and MFA are a perfect pair. MFA is that crucial next step, providing an extra layer of security that makes a major difference in keeping your information safe. Common MFA examples include a text, a random code generated, or even through an automated call. That extra protection ensures that the person logging in is authorized and authenticated.  This extra level of protection ensures that when someone tries to log into your accounts, it’s truly you. It’s all about verifying and authenticating that the person accessing the account is authorized. With MFA enabled, a hacker won’t be able to log in without that unique code sent to your phone, an app, or even your email. This significantly increases the difficulty for unauthorized access, giving you peace of mind that your PHI remains secure.   Securing your Compliance Program  The sheer volume of tasks can make managing compliance feel like a full-time job, from multi-factor authentication to complex password policies and regular access reviews. While it’s easy to feel overwhelmed, your practice can streamline this with the right solution.  Smart software simplifies compliance for your practice by sending out compliance reminders, such as when it’s time to change your password, providing best tips and practices, and automating policies and procedures for your practice.  Meet with an expert today to see how you can streamline compliance for your practice. 

Read More »
HIPAA Fines in Dentistry

The Bite of HIPAA:  True Stories of Dental HIPAA Fines

July 15, 2025 Running your dental practice comes with its unique set of challenges. You’re wearing multiple hats, and it’s a stressful fashion statement. While OSHA is always on your radar, just from the nature of dentistry, forgetting about HIPAA can be costly.  While you think your practice would never be in the hot seat, small dental practices, you’d be mistaken.  See how to avoid these common pitfalls in your dental practice, allowing you to continue running it effectively.    Time is of the Essence: Right of Access Under the HIPAA Privacy Rule, HIPAA not only defines how Protected Health Information (PHI) needs to be secured but also how it needs to be shared with authorized parties. Right of Access is a part of this rule. This rule requires healthcare providers to deliver requested patient records within 30 days of the patient’s request.  Gums Dental Care, a small Maryland dental practice, was fined for violating this HIPAA requirement. The patient initially requested their records in April 2019. The practice did not provide records until May 2022.  The patient alerted the Office for Civil Rights, which started a long, overwhelming journey for Gums Dental. The OCR intervened countless times, requiring the practice to provide the patient with their records.  The dental practice continued to refuse to provide the patient with records, leading to more legal battles, money, and time wasted.  The grand finale? Over three years from the date of the first request, and countless interventions from the OCR, the practice was fined $70,000.   Less is More As the saying goes, “If you can’t say anything nice, don’t say anything at all.” This rule applies to all forms of communication and also works to avoid HIPAA violations.  While social media brings people together, you must tread a fine line when handling PHI and posting online. One part of this is responding to patient reviews.  You cannot confirm or deny that a patient attended your practice, even if the patient is talking positively about their experience there. If you’d like to use someone’s story for marketing materials, like a before-and-after photo of their smile, ensure they sign a consent form.  If someone leaves a negative review, you cannot defend your practice by sharing information about the patient. For example, if a patient consistently posts bad reviews but fails to mention that they are always late, you should not call them out publicly online. Instead, address the issue privately and communicate with them securely. Dentists have been fined for social media violations. Dr. U. Phillip Igbinadolor, a dentist in North Carolina, lost his temper after a patient left a negative review on the practice’s Google page. After the dentist posted PHI in response, ridiculing the patient, the patient reported him to the OCR.  As a result, the OCR fined the practice $50,000, showing that the price of failing to simply “keep your words to yourself” can be extraordinarily steep.   Coming Clean is Key With cybercrimes in healthcare skyrocketing and large data breaches due to ransomware attacks increasing by 264%, having the proper safeguards in place is crucial.  While no practice can be completely immune from a breach, the right barriers in place can mitigate risk and minimize impact. However, if your practice is breached, you must notify the OCR and patients quickly.  Under the HIPAA Breach Notification Rule, patients must always be notified within 60 days, regardless of the size of the breach. If the breach affects fewer than 500, your practice must inform the OCR within 60 days after the calendar year in which the event occurred. If a breach affects more than 500, the OCR, and depending on the state, the Attorney General, must be notified within 60 days as well.  The Indiana Attorney General recently fined Westend Dental, a multi-location dental practice in Indiana, for its response to a ransomware attack.  While the breach occurred in October 2020, the practice did not alert the required parties until October 2022, two years after the initial attack. The Attorney General began investigating this attack after a patient complaint, and it was then discovered that the practice attempted to cover up a ransomware attack.  The investigation discovered that, in addition to violating the HIPAA Breach Notification Rule, Westend Dental had improper training, unprotected servers, no Security Risk Analysis (SRA), missing policies, and more.  The outcome? A $350,000 fine from the Attorney General, highlighting the importance of proactive compliance and properly notifying affected parties after a healthcare breach.    How to Protect Your Dental Practice While compliance for your dental practice might feel overwhelming, the right solutions can streamline your compliance program.  Smart software solutions can pinpoint vulnerabilities and provide actionable insights to avoid common pitfalls dental practices face. The right compliance software can also provide a comprehensive hub for everything HIPAA-related for your practice, including right of Access training, social media guidelines, and the SRA.  Meet with a compliance expert today to learn more about streamlining compliance for your dental practice. 

Read More »
Read more

READY TO BE STRESS-FREE?

schedule a demo