3 Most Common HIPAA Violations in Dentistry

The Health Insurance Portability and Accountability Act (HIPAA) protects your patients in many ways. It ensures that no entity abuses their rights, keeps their protected health information (PHI) secure from malicious misuse, and standardizes the processes for sharing PHI with their knowledge and consent.

Violating HIPAA puts your patients in danger. Any breaches of conduct, therefore, will lead to serious consequences, from fines to potential imprisonment. Keep your patients safe and avoid these three common HIPAA violations in dentistry.

1. Improper Disposal of Protected Health Information (PHI)

Like handling the disposal of hazardous waste in your office, there is a proper way to get rid of a patient’s PHI. According to the American Dental Association (ADA), as a general rule of thumb, it’s good to retain adult records for up to 10 years after their last visit and a minor’s records for at least five years after they reach the age of 18. Some states’ record retention limits vary.

Proper disposal of PHI, after the required retention time passes, ensures no one gains access to the information and officially releases you from responsibility. The safest ways to destroy these records include the following:

  • Shredding, burning, and pulping hard copies and prescription labels
  • Using a reliable disposal vendor
  • Using overwriting software and purging electronic records
  • Destroying (e.g., disintegrating, incinerating) devices you no longer use that stored ePHI

2. Stolen and Lost Devices Containing Patient Information

Electronics provide many benefits, from enhanced communication to streamlined administration systems. However, like hard copies of PHI, people can steal your devices, putting patient records in the hands of unauthorized and potentially malicious people. Even though someone else stole from you, your office still faces HIPAA violations.

One of the most common HIPAA breaches results from stolen devices that contain electronic records. Implementing proper security measures in your dental office lowers your risk of stolen devices.

Storing all devices that contain ePHI in a separate, secured room further protects your electronics and records from intruders. The more safety systems and protocols you put into play, especially ones that comply with HIPAA standards, the less severe your penalty.

3. Improper Communication Methods Used for Sharing PHI

Enhanced digital forms of communication are important for establishing and maintaining patient relationships, supporting employee productivity, and expanding the accessibility of your office and services. However, when you discuss and share PHI in authorized transfers, electronic communication makes you vulnerable to hackers, phishers, and other digital threats.

Many dental offices incur HIPAA violations for lacking properly encrypted and secure network systems when communicating electronically. Make sure all digital communications occur using enhanced digital security measures, from password protection on electronic files to using secure message portals that require two-step identity verification.

Don’t fall into the trap of these three common HIPAA violations in dentistry, and properly train your dental office on HIPAA standards with Gamma Compliance’s HIPAA compliance training manual. The best prevention method for avoiding a breach of compliance is proper training. Keep your eye out for these common violations, and make sure your patients and their PHI stay safe.