HIPAA Compliance for Dentists

Challenges facing the dental industry.


There's always a risk factor when sending information electronically, but the stakes are higher for dental providers that send patient information. You can’t afford to let a HIPAA violation impact your bottom line, but the trust of your clients is even more important. All it takes is one unfortunate incident for bad word-of-mouth to critically damage your reputation in the community.

As regulations become tighter and dental offices become more reliant on digital technology, clients are understandably concerned about their privacy. From the storing of patient records to the digital transmission of documents such as X-rays, HIPAA compliance is your responsibility. Avoiding costly noncompliance fines and ensuring your patients’ privacy starts with maintaining proper procedures for handling protected health information (PHI).

Get true end-to-end email encryption with CipherPost Pro® to ensure that your private communications stay that way – and that your dental practice is meeting today’s stringent regulatory requirements.

Works seamlessly with Office 365, Secure Hosted Exchange, and other email platforms.

 


“CipherPost Pro® is an impressive secure email platform that I recommend to my dentist clients. It's super easy for their teams to use. Plus, the private Webmail platform shows patients you're as serious about their privacy as their bank is! Best of all, dental specialists can easily communicate with their referring dentists. There is no better way to transmit files, prevent errant email transmissions, and stay ahead of HIPAA regulations than CipherPost Pro. Heck, I use it myself!

Rick Waters, DMD
Consultant to Dentistry

Dr. Rick Waters


  Learn about the requirements for the dental industry and the available tools that can help you meet those requirements.

 

   Educate yourself on the risks of non-compliance and how CipherPost Pro® can protect you.

If you’re practicing dentistry, you’ll also need to be an expert on email encryption and patient privacy.

Dental practices are among the fastest growing adopters of cloud email encryption because of the need to comply with the HIPAA Omnibus Final Rule. However, where email encryption has even greater impact for dental practices is when it becomes a core communication tool that encompasses secure email, data loss prevention, large file transfer, mobile messaging, web forms and e-statements. The result is a differentiated dental practice that delivers a superior patient experience, more productive employees, lower business expenses and less security risk.

CipherPost Pro® is the Solution

CipherPost Pro is much more than traditional encryption – it’s an information management tool that enables your practice to easily protect and control access to an email message and attachments, even after content has left the outbox. In this age of instant worldwide communications, CipherPost Pro is a critical tool for any business that needs to protect customer information due to industry-levied regulations, but also to bolster trust from customers.

CipherPost Pro® seamlessly integrates into any third-party email infrastructure and/or archiving system. Your dental practice and customers will appreciate the ease-of-use and the intuitive interface, which will help to ease adoption of the encryption service. If you’re requirement is to meet the requirements set forth in the HIPAA Omnibus Final Rule, CipherPost Pro is the solution.

Impact of the HIPAA Omnibus Final Rule on Dental Practices

By now, you should be aware that HIPAA requires dental practices to not only be fully responsible for protected health information (PHI), but also to implement safeguards to ensure the security of PHI. However, many dental practices have not yet become fully aware that the HIPAA Omnibus Final Rule update also impacts their practice.

Email encryption has essentially become a requirement that you will have to meet. Read on to discover three Omnibus Rule changes and the impact of those changes on your dental practice.

Change 1 – Patients can now ask for a copy of records in electronic form.

If your patients haven’t already begun to ask for their records in electronic form, they will and you need to be able to provide those records securely in a fashion that doesn’t jeopardize PHI. CipherPost Pro can instantly meet this requirement by providing encrypted records directly to a patient’s customary inbox, which is the preference of most patients.

Change 2 – Breaches of limited data sets, even if no birthdates or zip codes were included, must now be treated the same as all other PHI breaches.

Expanding the types of incidents that must be reported as a breach increases the risk that dental practices face in terms of potential compliance penalties, legal fees, business disruption and negative press coverage. The onus is on dental practices to invest more in security to minimize the risk of any breaches from occurring, even those of limited data sets. Financial penalties have also been increased to as much as $1.5 million per violation.

Change 3 – If a dental practice can demonstrate a low probability that PHI has been compromised, breach notification may not be necessary.

Apply the following four-factor risk assessment to determine if low probability is accurate:

  1. The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification.
  2. The unauthorized person who used the PHI or to whom the disclosure was made.
  3. Whether the PHI was actually acquired or viewed.
  4. The extent to which the risk to the PHI has been mitigated.

This change provides a strong incentive for dental practices to use email encryption, which can help to establish the low probability of breach. Value-added features with CipherPost Pro®, such as real-time tracking, message recall, Forward/Reply Freeze and For Your Eyes Only (F.Y.E.O) password protection, can help your dental practice avoid being compromised and having to report breaches. To maintain the trust of your patients, proactive investment in email encryption is a must and CipherPost Pro can make it easy for your practice.

Value Added for Your Dental Practice

Improved Patient Experiences

Given how vital reputation and word-of-mouth marketing is to dental practices, CipherPost Pro® can help your practice to stand out by making communication easier and by making processes more efficient for patients.

Improved Employee Productivity

CipherPost Pro can also help dental practices reduce their dependence on inefficient paper-based processes.

Reduced Business Expenses

CipherPost Pro® actually can deliver ROI because your practice will be able to reduce other business expenses, such as postal fees, fax hardware, paper storage and SMS or voice service appointment reminders. Plus there is no cost or limit to inviting external guest users, which allows CipherPost Pro to become your central communication tool.

Key Features

  • Simplified Secure Communications Exchange allows messages to be securely sent, received and tracked on any device.
  • Large File Transfer lets both sender and receiver quickly and securely share attachments of up to 5GB through email without overloading inboxes.
  • Regulatory Compliance, Electronic Tracking and Discovery supports privacy and security regulations and offers a message Delivery Slip, as well as tracking and discovery logs that show every step of your message from composition and beyond.
  • Customized and Brandable Secure Environment gives your business a tailored professional interface that’s completely secure and easily utilized with existing email environments.

Learn more about CipherPost Pro® at appriver.com/services/email-encryption/

About CipherPost Pro®
The makers of CipherPost Pro believe that email security should complement your email, not complicate it. Our cloud-based solutions for secure file transfer and email encryption work seamlessly with any email to enable secure communication and collaboration anytime, anywhere.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. The main purpose of HIPAA is to provide data privacy and security guidelines for the confidentiality of medical information. HIPAA Title II sets very specific standards for processing Electronic Protected Health Information (ePHI). It also requires organizations implement guidelines that secure electronic access to healthcare information so they can remain in compliance with privacy regulations set by Health and Human Services (HHS).

The Risk

HIPAA non-compliance is costly. Not only are violators at risk for hefty fines, but they may also be looking at reputation damage, the subsequent loss of their patient base, as well as time and productivity loss. Take Advocate Health System for example. According to the Office for Civil Rights (OCR), Advocate has been ordered to pay finesin the amount of $5.55 million in the largest HIPAA violation settlement to date for multiple data breaches that occurred in 2013. Two incidents of theft resulted in a total of five laptops being stolen containing confidential patient information including names, addresses, credit card numbers, clinical information and health insurance data. Over the summer of the same year, a business associate’s network was hacked by an outside party. It was determined that the company failed to comply on multiple levels by not physically safeguarding access to their IT system or assessing the risks to its ePHI. Every year, the Ponemon Institute conducts an IBM-sponsored benchmark study on the cost of data breaches. The 2016 study indicated that the average total cost for a single breach was $4 million, up 29 percent from 2013. That breaks down to a $158 fine per record containing sensitive information. Even in a small practice, that adds up quickly. Ponemon also found that criminal attacks are the leading cause of data breaches in the healthcare industry at 50 percent. Accidental employee actions and third party error make up the other half. Hard-copy records still need to be stored and disposed of properly but now, with electronic filing being rapidly adopted, practices must take strict measures to ensure the confidentiality of electronic records as well.

The Solution

So what can you do to protect your practice and yourself from ePHI HIPAA violations? The first step is to be proactive. HIPAA Security Rules enforce the technical safeguard requirement, defined as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” This includes transmission security. Your practice must guard against unauthorized access to ePHI that is transmitted electronically. That is where email security becomes critical. AppRiver is an email and web security expert that has the tools you need to ensure the compliance with technical security regulations. We offer CipherPost Pro® email encryption to help you avoid compliance issues and send your data with confidence.

The Benefits

Why CipherPost Pro®? Think of your email as a postcard and all the places it’s visible along its journey. You don’t want to expose your email to the same risk. CipherPost Pro provides true mailbox-to-mailbox security with just one click from an Outlook plug-in, OWA, or mobile app. Once you click the Send Secure button, you can be sure that your message is securely on its way to its recipient. And a patented delivery slip shows you when your message was received and what the recipient did with it afterwards. With features like FYEO, forwarding freeze, and message recall, you control your encryption. To make it even easier, all CipherPost Pro features are available on the go so you can send encrypted email from anywhere. But most importantly, you can count on CPP to help protect your confidential healthcare information and ensure regulatory compliance for your practice. Dr. Rick Waters, a renowned Consultant to Healthcare, trusts his email encryption to AppRiver and we think you should too. “The flexibility to read and send the most absolute secure and encrypted email is empowering, whether from your office PC, or from your laptop or phone while on-the-road.” AppRiver employs proactive technology such as CipherPost Pro to ensure that all your ePHI is sent within layers of protection before criminals can extract sensitive patient data.


The best defense for your practice.

AppRiver understands that running a dental practice has enough challenges of its own. But being sparing with privacy and security just isn't an option when confidential data is on the line. It also shouldn't be a hassle, and that's why AppRiver's dental solutions make it easy to safeguard your data with our suite of web and email security options.


Contact Information - Let us call you

My Company is based in:

 United States of America

 Europe, the Middle East, or Africa

Services for:

 Business

 Home

 

Number of Users

How did you hear about us?

Comments


Personal information provided by individuals will remain confidential to AppRiver.

Any personal data collected will be used in accordance to our Privacy Policy. This means we won’t sell your information.