Dental Archives

HIPAA and Cybersecurity: A Dental Practice’s Guide to Compliance

September 19, 2024 Penelope Schweitzer No comments yet

September 19, 2024 Did you know that medical information is one of the most valuable pieces of information for hackers to obtain? A health record sells for ten times the amount compared to a credit card on the dark web. In today’s digital world, technology has brought significant advancements to how dental practices operate, from communicating with patients to reviewing dental records. However, it has also introduced new challenges related to practice safety. Implementing strong cybersecurity measures is crucial for protecting your patients. Let’s dive into how to safeguard your practice and keep your patients safe in today’s cyber world. Complete a Security Risk Analysis (SRA) A requirement under HIPAA, the Security Risk Assessment (SRA) sets a benchmark for your dental practice’s compliance. The SRA highlights risks your practice might face, including technical safeguards and recommended cybersecurity measures. By monitoring the existing measures, you can identify non-compliant gaps and learn best practices to better protect your organization. Establishing a strong foundation for your practice brings you one step closer to HIPAA compliance by showing you how to keep your patient data secure. Establish Access Controls One of the most common HIPAA violations is improper access to electronic Protected Health Information (ePHI). Robust access controls are essential to prevent this. Each staff member should have a unique login with permissions strictly aligned to their job duties. These logins should also require staff to change their passwords periodically, including at least eight characters with symbols, numbers, and lowercase and uppercase letters. This safeguards sensitive patient data and facilitates effective monitoring for potential security breaches. Additionally, monitoring employee activity helps ensure access privileges are used appropriately. Encrypt all ePHI Encryption, or encoding data so that it is unreadable by unauthorized users, is a staple of having strong cybersecurity measures in place for your practice. It should be used on all devices storing sensitive data and facilitating patient communication, ensuring that only authorized individuals can access it. Encrypted data and devices can protect sensitive information if a work laptop falls into the wrong hands. Another cybersecurity best practice is to enable remote deletion on the computer so that it can be wiped from another functioning device. Overall, encryption serves as an additional barrier to protecting patient data and keeping sensitive information secure in dental practices. Ensure Adequate Cybersecurity Training for All Staff It is crucial to ensure that staff understand expectations and cybersecurity best practices to keep patient data safe. Training is important to help staff understand how to handle sensitive information and how to share ePHI (electronic protected health information) securely. Thorough training will empower staff to maintain the security of patient data and uphold the best cybersecurity practices, helping create a culture of compliance in your practice. Outsource IT Automating your HIPAA compliance program with secure software helps protect your practice and streamline compliance. Additionally, outsourcing your IT measures is another responsibility your organization can delegate to an expert team. Expert teams can monitor your cybersecurity health and provide penetration testing, emulating whether your practice can handle a hacking attack. With specialized healthcare IT support, your practice can rest assured that the proper firewalls, encryption, and other protections are in place to safeguard it. The Future of Cybersecurity in Dentistry Robust cybersecurity measures are essential in today’s dental industry. The OCR continues to lead cybersecurity efforts and is starting to impose fines on practices affected by cybercrimes. By ensuring that your dental practice is HIPAA compliant and follows cybersecurity best practices, you can protect your practice’s success and the safety of your patients’ information. To learn more about the best cybersecurity practices for your dental practice, schedule a HIPAA consultation with a compliance expert today.

Fines, HIPAA

HIPAA for Dental Practices: Avoid the Most Common Fines

June 26, 2024 Gaurav Modi Comments Off

June 26, 2024 Did you know that as of 2023, less than half of dental offices in the United States are fully HIPAA compliant? Dentists play a crucial role in maintaining oral health and ensuring the safety of their patients’ Protected Health Information (PHI). Although HIPAA regulations can be complex, it’s essential to understand and comply with them to protect your dental practice and patients. This article explores the most common HIPAA fines for dentists and how you can manage them. Right of Access Under HIPAA, patients can access their medical records within 30 days of the first request and should not be charged unreasonable costs. Dentists have been fined several times for violating this right. A practice in Georgia took over a year to provide a patient with her medical records after she refused to pay a $170 copying fee. This incident violated the 30-day timeline, and the fee was also deemed unreasonable, resulting in a fine of $80,000. To uphold a patient’s right to access their medical records, it’s vital to manage record requests promptly and organize them. It’s also essential to avoid charging excessive fees for accessing these records. If you’re unsure about what would be considered a reasonable fee, the OCR has issued guidance suggesting a flat fee of a maximum of $6.50 for accessing records. Social Media Usage On top of managing your practice’s reputation in person, you have to manage it online. Online reviews are a shared resource patients use while selecting a new dentist. 94% of patients use online reviews while choosing a new medical provider. However, while managing your online presence, you must be HIPAA compliant. This means not sharing any of your patient’s PHI in reviews. A dental practice in North Carolina was fined $50,000 for improperly sharing a patient’s PHI online in response to a negative review. The practice shared significant PHI about the patient, which discredited the original review. No matter how inaccurate or false a review may be, sharing a patient’s PHI online is never justifiable. Keeping responses short and sweet is essential to avoid making a social media mistake. Even if someone has shared information in their review, you can’t mention that they are a patient at your practice. It’s essential to use a brief and general response while navigating HIPAA. If you receive a negative review, it’s crucial to stay calm. Getting upset for a few seconds isn’t worth facing thousands of dollars in fines. Next, take the conversation to a private channel. Respond to the comment with HIPAA-compliant communication, such as providing a phone number or encrypted email to further discuss the patient’s experience. Cybersecurity Access In our technology-driven world, most, if not all, dental practices utilize technology to create and store patient data. In recent years, cybersecurity concerns and hacks have infiltrated the healthcare system, with hacking causing 77% of large breaches. Controlling and training staff on technology use is vital for protecting your practice. In a rare case, a HIPAA violation resulted in jail time for an employee at a dental practice. This employee, a receptionist, abused her access to PHI, stealing patients’ identities and making significant purchases with them. She was sentenced to two to six years in prison for her crime. Encrypt and secure information properly to avoid cybersecurity-related fines. Additionally, assign roles and access to employees individually, with every employee having their own login. Periodically review employee access and activity to ensure technology is being used correctly. How Software Can Help There’s a better way to simplify the compliance process for your dental practice. Software offers the ability to streamline your administrative tasks, saving you time and letting you focus on taking care of your patients. Automated and dynamic software helps you be proactive in avoiding these common mistakes, pinpointing your vulnerabilities, and resolving them effectively. Schedule a consultation here to learn more about how Abyde’s intelligent solutions can help create a culture of compliance and protect your practice.

Best Practices, OSHA

Smile with Confidence: Promoting Safety in Dentistry

April 16, 2024 Gaurav Modi Comments Off

April 16, 2024 Happy Toothsday! Okay, okay, yes, we know that was bad. Regardless, we hope you’re having a lovely beginning of the week. Working in dentistry can be very rewarding, You know that confident feeling of rocking a fantastic smile? In dentistry, you get to create that feeling for people every day. However, dentistry comes with challenges, like working with sharps daily and the possible exposure to bloodborne pathogens. Here at Abyde, we’re all about prevention and safety. Today, we’re jumping right into promoting safety in dental offices. By following the right procedures, you can focus on what’s important: creating dazzling smiles! Gear Up for Grins When working at your practice, having the proper Personal Protective Equipment (PPE) is vital. PPE encompasses all the protective gear you need to wear to ensure your safety while working with patients. This includes equipment like: While your masks and gloves might not be the most fashionable statement pieces, by rocking the correct PPE, you can minimize exposure to germs and other dental hazards, keeping you safe. Let’s face it (pun intended!), dentistry can get a little…messy at times. That’s where PPE comes in! Face shields and glasses act as your splash guards, keeping your eyes protected from any flying fluids or debris. Gloves also minimize contact, keeping your hands covered when delivering exceptional patient care. This way, you can focus on creating beautiful smiles without worrying about exposure. Syringe Savvy Using sharps is part of the dental world. That’s why we recommend the latest and safest tools. Think of it this way: those fancy safety features on your dental devices aren’t just bells and whistles – they’re game-changers! Sure, change can be a bit daunting, but these innovations are designed to make your practice safer, smoother, and ultimately, more awesome. Some of the common safety tools include: Bite-sized Learning When protecting your staff, training is key. With excellent training, your staff can be equipped with the knowledge they need to be safe. This includes mastering the proper steps for sharps and bloodborne pathogens, two of the most common safety issues in a dentist’s office. These situations can be tricky, but with the proper training, your team can conquer any challenge with ease. How Abyde Can Help We know that paperwork and regulations can feel like a cavity that just won’t quit. That’s why we make it simple. Abyde is a software solution that makes compliance easy. With Abyde, we offer a variety of resources to make compliance a breeze, including training on everything you need for dental compliance. To learn more about what it takes to be compliant in your dental practice, email us at info@abyde.com and schedule a consultation here.

Best Practices, Fines, HIPAA

Most Common HIPAA Violations by Dentists

March 6, 2024 Gaurav Modi Comments Off

March 6, 2024 Happy National Dentist’s Day! In honor of this special holiday, here’s a cheesy joke. What is a dentist’s favorite animal? A Molar Bear! Now, please stop cringing. We apologize for the bad joke, if we could, we would give all dentists who use our software a little … plaque. Ba Dum Tsss. Alright, now back to the more serious stuff. Dentists play an important role in our health, ensuring our smiles stay healthy and bright. However, they also have another major responsibility: following HIPAA regulations and protecting our protected health information (PHI). Sometimes, dentists slip up on their compliance responsibilities. Here are some of the most common HIPAA hiccups dentists face. Stolen Devices: One of the most common HIPAA violations for dentists is improper handling of stolen devices with PHI. In our tech-savvy world, computers and other devices play an imperative role in the dentist’s office, withholding information on patient’s personal information like billing, medical records, and more. If you have a device with electronically protected health information or ePHI, in your practice, make sure it is encrypted, or in other terms, very secure software that makes sure the right people are the only ones who can access it. Additionally, if a device is stolen, make sure remote deletion is set up correctly, letting you delete sensitive data from it with another device. ePHI in the wrong hands can be dangerous, but with the right precautions, you can keep patients safe. Disregardful Disposal: Another common HIPAA violation for dentists is improperly disposing of protected health information. From creation to disposal, PHi needs to be handled securely by your practice and complaint Business Associates (BAs). We’ve seen the after-effects of mishandled PHI, resulting in hefty fines. For example, a practice in Massachusetts improperly threw out PHI, throwing it in garbage bins outside the practice, and was fined over $300,000. Retaliating Responses: On top of managing your practice’s reputation in person, you have to manage it online. A very common HIPAA violation is disclosing PHI through social media and review sites. While I know it can be hard to not defend your practice, keeping your cool for sure feels way better than losing thousands of dollars to a fine. A California dentist practice learned the hard way by being fined $23,000 for disclosing PHI on Yelp in heated responses. The moral of the story? Keep it short, sweet, and offline. If you want to share a customer testimonial or image of a customer, ensure a media consent form is signed. Now, those are some of the most common HIPAA violations by dentists. Dentists have a lot on their plate, and sometimes, compliance falls on their list of priorities. That’s where Abyde comes in. We’re here to help make compliance simple for your dental practice, with a plethora of compliance resources. We pride ourselves on our efficiency, like turning the daunting Security Risk Analysis (SRA) into a minutes-long questionnaire, pinpointing everything you need to know for your practice. This results in a scorecard, with best practices to avoid HIPAA violations, including the ones mentioned above! The Abyde software also includes engaging training (that does not require you to shut down your practice for all to complete), dynamically generated policies and procedures, documents, like the media consent form, and more. We’re here so you can focus on what’s important, taking care of patients. Have a wonderful Dentist’s Day, and relax, let us take care of the compliance. For more information on how Abyde can simplify compliance for your practice, email info@abyde.com and schedule a consultation here.

Fines, OSHA

Brushing Up on Whistleblower Rights – No Fillings Required!

August 11, 2023 Gaurav Modi Comments Off

August 11, 2023 Navigating the world of workplace safety can sometimes feel like scheduling a dental appointment – necessary but often anxiety-inducing. But just as we prefer our dental check-ups to be cavity-free, our workplace environments should be risk-free. A recent court judgment highlighted that when it comes to voicing concerns, it’s not just about flossing daily but standing up for safety! In Peoria, Dr. Monzer K. Al-Dadah probably thought he was pulling a fast one (and we’re not talking about teeth) when he terminated a dental assistant for raising concerns about coronavirus infection risks. This wasn’t just any dental assistant, mind you, but one with more than two decades of service – perhaps old enough to remember the pre-electric toothbrush days! When Dr. Al-Dadah learned of an anonymous safety complaint to OSHA in March 2020, he tried to ‘drill’ down to identify the whistleblower. Unsuccessful in his detective efforts, he chose to let go of the dental assistant. The assistant filed a complaint with OSHA, showing the resilience of a tooth that refuses to get extracted. Fast forward a bit, and OSHA, acting like the dental hygienist who discovers you’ve been skipping your nightly brush, wasn’t too pleased. They determined a clear breach of whistleblower protections. This led to Dr. Al-Dadah being ordered to cough up $20,000 in back wages – that’s a lot of dental floss! Denise Keller, the OSHA Assistant Regional Administrator in Chicago, summed it up with a reminder that workers should feel as confident voicing concerns about safety as they do showing off those pearly whites after a cleaning, “Employees must be able to exercise their legal rights regarding workplace safety freely and without fear of retaliation.” All in all, just as we’re advised not to be lax with our oral hygiene, it’s clear we shouldn’t be lax about workplace safety either. For those curious about whistleblower protections, OSHA’s Whistleblower Protection Programs webpage is as enlightening as that little mirror your dentist uses. Here at Abyde, while we can’t help with plaque, we’re all in for promoting workplace safety and transparency with a dose of humor! Remember, when it comes to safety, always brush and floss (or voice concerns) daily!

Best Practices, HIPAA

The Expiration of Telehealth Waivers for Dentists: Navigating the Future of Remote Dental Care

May 23, 2023 Gaurav Modi Comments Off

May 23, 2023 Over the past couple of years, telehealth has revolutionized the healthcare industry, including dentistry. However, as the COVID-19 pandemic wanes and the healthcare landscape evolves, the telehealth waivers that allowed dentists to provide virtual care through non-compliant platforms are expiring. Let’s explore the implications of these expiring waivers and how dentists can navigate the future of remote dental care. The Rise of Telehealth in Dentistry: Telehealth emerged as a crucial tool during the pandemic, enabling dentists to connect with patients remotely for consultations, follow-ups, and non-emergency care. These waivers expanded access to dental services, particularly for underserved populations, reduced unnecessary in-person visits, and improved overall patient experience. Dentists embraced telehealth to ensure continuity of care while minimizing the risk of virus transmission. Implications of Expiring Waivers:Using platforms like Apple Facetime, Skype, Zoom, and other non-public facing platforms were part of the Notice of Enforcement Discretion the OCR laid out in March of 2020. Now that virtually every EHR/PM solution and other technologies have emerged over the last 3 years, practices can easily implement compliant solutions. Dentistry will always predominantly be an in-person health care service but with the expiration of telehealth waivers, those dentists that found telehealth an important addition to their practice need guidance on which compliant platforms to use. Dentists must evaluate the effectiveness, efficiency, and patient satisfaction associated with virtual care. Additionally, they should consider the legal and regulatory implications of providing telehealth services without waivers and adapt their practices accordingly. Navigating the Future of Dental Care: To navigate the post-waiver landscape, dentists can take several steps. First, staying informed about the evolving guidelines and regulations surrounding telehealth is crucial. • The first step is assessing risks and vulnerabilities through a Security Risk Analysis. This knowledge will help dentists adapt their practices and comply with existing laws. • Second would be to have policies in place to ensure the telehealth services these dentists provide to patients is telling the story of how they are protecting that sensitive patient information. • Finally, investing in technology and software solutions that facilitate secure and efficient virtual consultations can enhance the patient experience and practice efficiency. Conclusion: While the expiration of telehealth waivers poses challenges for dentists, it also presents an opportunity to evaluate and refine the role of telehealth in dental care. By staying informed, embracing hybrid models, and leveraging technology, dentists can continue to provide high-quality care while adapting to the evolving healthcare landscape. Questions regarding HIPAA and OSHA Compliance, please email Abyde at info@abyde.com or call (800) 594-0883

Best Practices, HIPAA

Brushing & Flossing Are Important to Your Practice, Too

January 19, 2023 Gaurav Modi Comments Off

January 19, 2023 You know the drill, no pun intended. The hygienist finishes a cleaning and hands the patient their goody bag full of all the fun things, including a toothbrush and dental floss. While this has become the norm for the practice and the patient, there is a good reason for it. Hygienists are taught to preach good oral hygiene, and it’s no secret that most patients that brush and floss regularly will experience better oral health and require less invasive treatment down the road. But what about those patients who don’t follow the advice or over time fall out of best practice? Yes, we’re looking at you, guy who only flosses the night before their appointment. The patient is typically aware of their intermittent compliance but since they are asymptomatic, they continue hoping for the best and vow to do better after the next cleaning. Then as it usually does, life happens and they cancel their next cleaning. And with the best of intentions, they plan to reschedule but keep forgetting. Disease begins to take hold. If the patient is fortunate, they return to the office before the issue is too serious and it can be resolved with a relatively simple treatment plan. Those less fortunate may require more involved and expensive procedures. So you’re probably wondering by now, how does any of this tie back to Abyde, a healthcare software company? Well, we’ve brought in one of our Abyde Ambassadors to tie it all together. Michael Wilgus shares his experience from the last 20 years in the industry. “Ironically, I have seen a similar scenario in hundreds of practices regarding HIPAA and OSHA compliance. A practice starts out with positive intent and implements what they believe is a strong and complete compliance program. Things get busy, there is turnover, and compliance gets pushed to the back burner. When violations or inspections occur (because they are not an if situation), they are usually due to a knowledge gap or are accidental, and may even be asymptomatic to the practice owner.” With HIPAA, if an event is reported, the Office of Civil Rights (OCR) may choose to implement a corrective action plan (think treatment plan) for the practice. That plan can be expensive, time-consuming, and involve an OCR specialist monitoring your progress regularly for an extended period. The U.S. Department of Labor isn’t missing out on the fun either. They are actively ramping up their OSHA program by hiring more investigators and estimate their budget to increase by 14.7%, going from $612 Million in the fiscal year 2022 to $701 million in 2023. The average penalty levied on a dental practice in 2022 for a HIPAA violation was measured in the tens of thousands of dollars; one estimate shows it to be approximately $45,000. Sacrificing the net revenue from months’ worth of crowns is something most practices cannot afford. When it comes to OSHA, the punch-to-the-gut penalties are nothing to chuckle at. And let’s not forget the recent increase in these dollar amounts. Achieving and maintaining compliance when using services from Abyde takes less time than a patient should spend brushing and flossing, and if we can humble brag for a minute – we make it easy and fun! Brushing and flossing are not only good for your patients but are also good for your practice. Ready to get your practice’s compliance hygiene up to par?

Fines, HIPAA

Fool me once, shame on you… Fool me twice, here’s a Corrective Action Plan

December 16, 2022 Gaurav Modi Comments Off

December 16, 2022 On Wednesday, the HHS Office for Civil Rights announced a settlement with a California dental practice over impermissible disclosure of patient-protected health information (PHI). The practice faces potential violations of the HIPAA Privacy Rule by inappropriate use of social media to respond to patient reviews and disclosing protected health information. OCR Director, Melanie Fontes Rainer, stated, “This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose protected health information of their patients when responding to negative online reviews.” The practice faces a lofty fine of $23,000 and a Corrective Action Plan that will be monitored by the OCR for the next two years. Within the CAP, the practice is responsible for updating and maintaining all policies and procedures to comply with the Federal standards that govern the privacy and security of individually identifiable health information. Additionally, all members of the staff must receive training within 30 days of the updated policies and procedures to comply with the Privacy Rule within 30 calendar days of the implementation of the policies and procedures. This is the second offense for the same office in the last 5 years. In November 2017, the OCR received a complaint regarding impermissibly disclosed PHI in online review responses. The protected health information included patient names, treatment, and insurance information. Through the investigation, the OCR found other violations including failure to provide an adequate Notice of Privacy Practices and implement Privacy policies and procedures. As a word of advice from your HIPAA and compliance experts, review all PHI and Privacy Rule policies and procedures with any members of your staff that handle online reviews and social media responses. And while you’re at it, for those of you who may use a third party to handle reputation management, check those Business Associate Agreements, and remind them of our best practices.

Audits, Fines, HIPAA

OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

September 21, 2022 Gaurav Modi Comments Off

September 21, 2022 Boom! Pow! Bang! Three dental practices were sacked yesterday, resulting in nasty bruises and a loss of yards on the play. After heading into the locker room and studying some film, they recognized there were some lessons to be learned in the OCR’s HIPAA Right of Access playbook. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the completion of three investigations in its Health Insurance Portability and Accountability Act (HIPAA) Right of Access Initiative. The OCR’s HIPAA Right of Access Initiative started in 2019 to ensure patients receive their records in a timely and costly manner. With three actions in one day and a total of 20 just this year, we are seeing a 42% increase year over year in the enforcement of the Privacy Rule. The OCR’s effort has now raised the total to 41 Right of Access actions across the span of 3 years, setting a strong example for practices across the country on the importance of maintaining compliance. OCR Director, Melanie Fontes Rainer, states, “Patients have a fundamental right under HIPAA to receive their requested medical records, in most cases, within 30 days. I hope that these actions send the message of compliance so that patients do not have to file a complaint with OCR to have their medical records requests fulfilled.” Here is an instant replay of when three dental practices crossed the line of scrimmage: The first dental practice had a delay of game penalty after failing to provide timely access to their former patient’s records. The former patient didn’t receive a complete copy of their records until October 2020, five months after they filed a complaint back in May 2020. This resulted in a $30,000 settlement and the implementation of a Corrective Action Plan. The second dental practice got a 15-yard penalty for not providing a patient with a copy of her records in a timely or costly manner. The practice refused to provide the records because the patient wouldn’t pay the $170 copying fee. That’s not a fair catch! After the OCR got involved, the dental practice had to cough up $80,000 in settlement and adopt a Corrective Action Plan. Maybe they should’ve read the HIPAA Rule book! The starting running back fumbled the ball when this practice failed to provide a mother and her son with copies of their PHI until after the play clock hit zero. After multiple requests and eight months of waiting, she finally got the medical records in her hands. The dental practice had to fork over $25,000 and implement a Corrective Action Plan. After watching the game footage, there is a clear solution here! Make sure your practice provides patients with timely and costly access to their medical records. Six dental practices have been sacked so far in 2022, which means we have already witnessed a 600% increase solely in the dental space compared to the 2021 season. That is not a statistic you can ignore! You could be next, so we encourage you to make sure you have the right compliance measures in place to avoid these large fines. Is your game plan ready?

California Dental Association Partnership

Partner News

California Dental Association and Abyde partner to deliver HIPAA compliance to dental care professionals

June 24, 2022 Gaurav Modi Comments Off

June 24, 2022 Industry-leading compliance solution provider Abyde announces partnership with California Dental Association and its 27,000 members. California Dental Association (CDA) and Abyde’s recent decision aims to alleviate some of the unique challenges private practices face that impede their patient-first focus. Providers are often overlooking all that HIPAA requires and the time needed to manage and review associated policies and procedures. Abyde solves this problem by streamlining all the processes and taking the guesswork out of compliance. The Abyde software solution is the easiest way for any sized dental practice to implement and sustain comprehensive HIPAA compliance programs. Already used by thousands of practices across the country, Abyde’s revolutionary approach guides practices through mandatory compliance requirements such as the implementation of risk management programs, training for doctors and staff, customized policy documentation, and more. “California Dental Association is an excellent addition to our partners as we continue to grow,” said Matt DiBlasi, president of Abyde. “As we think about what is important to our customers, simplicity and transparency are at the forefront of everything we do. Knowing that CDA holds the same values for its members solidifies our partnership.” “As a CDA Endorsed Service, Abyde will support our members with handling the business side of their practices, so they can focus on providing excellent dental care to their patients,” said Ariane Terlet, DDS, president of the California Dental Association. About California Dental Association The California Dental Association is a nonprofit organization representing organized dentistry in California. Founded in 1870, CDA is committed to the success of our members in service to their patients and the public. CDA also contributes to the oral health of Californians through various comprehensive programs and advocacy. CDA’s membership consists of more than 27,000 dentists, making it the largest constituent of the American Dental Association. For more information, visit cda.org. Read the full press release here.