Webinar: Your Patients Care About HIPAA Compliance in Your Dental Practice
Included in the webinar:
- Do my patients care about HIPAA compliance?
- What are the fines for not following HIPAA?
- What is the likelihood of a data breach in my dental practice?
- How can HIPAA differentiate my practice and build patient loyalty?
During the webinar Dr. Lorne Lavine and Mr. Rohit Joshi, LL.B will answer your questions about HIPAA compliance and provide solutions for the secure services your patients are looking for.
Subscribe to Brightsquid Today!
Sign up to Brightsquid and start using Secure-Mail for secure messaging with specialists, dentists and labs.
Patient Privacy Laws - HIPAA, HITECH, PIPEDA etc.
Email is NOT compliant with patient privacy laws and does NOT maintain doctor-patient confidentiality.
- HIPAA - Health Insurance Portability and Accountability Act (1996) - USA
- HITECH - Health Information Technology for Economic and Clinical Health Act & HITECH Safe Harbor - USA
- PIPEDA - Personal Information Protection and Electronic Documents Act - Canada
- Additionally there is significant Provincial/State legislation as well as professional dental bodies that have established very specific guidelines for the handling of patient information.
- PHI - Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
There are many examples of penalties and corrective action issued for organizations that were not following patient privacy laws. For more information please visit the HIPAA/PIPEDA Enforcement page.
Patient Security Concerns
59% of Americans are concerned about a patient data breach in a healthcare organization (Lieberman Research Group, 2013).
- Common patient privacy concerns
- HIPAA patient rights
- Using email to communicate with patients
- Patient appointment reminders
Data Breaches and Fines
- HIPAA fines and enforcement
- Breach requirements
- Cost of a breach
- Loss of reputation
- Patient privacy materials
- Safeguarding protected health information you share
- Secure Patient Portal
- Upgrading your email and communication services
Does Secure-Mail address text messaging? I find patients like to communicate via text.
Not as of today, but it is something we will be looking into. We offer free upgrades every six to eight weeks to all of our customers as we release new product improvements. Keep watching!
What if I have Secure-Mail but my specialist doesn't? Can we still email?
Yes. Secure-Mail™ offers full collaboration and two-way communication. Your colleague will need to join the network to safeguard patient privacy and maintain HIPAA compliance. This can be done in a number of different ways:
- My 25 - With your Dentist subscription to Brightsquid you get the "My 25" package. This allows the account holder to choose up to 25 colleagues that they regularly communicate with on confidential matters. When you register a user, you are providing them with a subscription to Brightsquid, where all communication between you and your registered recipient is stored and archived on the system. Typically 25 colleagues are more than enough for most dental practices. In a typical scenario, we see a dental practice communicate with a maximum of 5 labs and 5-10 specialists. This still leaves 10 additional users to add to "My 25".
- Free Accounts - If you are just sending the occasional email, your colleague can sign up for a free account on Brightsquid. With this free account, communication is not stored on the system and will not be accessible after 14 days.
- Your colleague can purchase their own account. This is the most common situation, as most dental professionals prefer their own account. With the low cost to get started with Secure-Mail™ we find this option very popular.
Can you recommend a system for encrypting USB drives? Can you give us the name of an in-office backup system or fire safe?
Dr. Lavine has a considerable amount of experience helping dental practices get HIPAA compliant. Please contact him for more information and guidance on proper safeguards within your dental practice.
Can Secure-Mail connect to my Practice Management Software?
Yes. With the Secure-Mail™ Practice Management Software (PMS) connection you can launch Secure-Mail™ directly from your desktop or from within your PMS. Please note that the connection is limited to certain PMS solutions; please contact our office for more information.
Is there a limit to the number of messages I can send per month using Secure-Mail?
No. There are no limits to the number of messages you can send using your $39.99 Dentist subscription to Brightsquid Secure-Mail™. Brightsquid offers customers unlimited data with their registration; the only limit we place on this is an anti-abuse cap that takes effect at the terabyte level. Please contact our office if you would like more information on data storage.
Any initial start-up fees?
No. There are never any installation fees to use Brightsquid Secure-Mail™. We only charge the monthly fee of $39.99 for the product. For more information on Secure-Mail™ setup please contact our office.
Is there a package for dental specialists?
Brightsquid has a subscription package designed for dental specialists like yourself, with a number of specific features to help build and maintain your referrals. Please contact our office for more information as well as a demo highlighting these exciting features.
Is there a cost for updates to Secure-Mail service?
No. We are happy to offer free updates to Secure-Mail™ every six to eight weeks to all of our customers as we release new product improvements.
Can you elaborate more on written consent for marketing?
The HIPAA Omnibus rules established new limitations on the use and disclosure of Protected Health Information (PHI) for marketing and fundraising purposes. These requirements typically relate to marketing where a financial relationship and remuneration are involved. If your practice is receiving a financial incentive or commission based on marketing, written consent is required from your patients before any marketing can take place.
HIPAA regulations refer to practices that transmit Protected Health Information (PHI) electronically. So, if there is no electronic PHI being transmitted by or for the practice, then HIPAA does not apply - correct?
According to the U.S. Department of Health and Human Services, covered entities are "Health care providers who transmit any health information electronically in connection with certain transactions, health plans, or health care clearinghouses." The definition of a covered entity has not changed with the recent HIPAA Omnibus rules. Most health care providers are considered Covered Entities, as "electronic exchange" includes: health care claims or equivalent encounter information, health care payment and remittance advice, coordination of benefits, health care claim status, enrollment or disenrollment in a health plan, eligibility for a health plan, health plan premium payments, and referral certification and authorization. If your practice does not exchange any of this type of information electronically, then no, you would not be considered a Covered Entity.
Where do you find out what the State laws are?
According to the U.S. Department of Health and Human Services: "In general, the Privacy Rule overrides (or preempts) State laws relating to the privacy of health information that are contrary to the Rule. Any provision of State law that is not contrary to a provision of the Privacy Rule will remain in full force and effect, so that covered entities will continue to have to follow such State laws in addition to the Privacy Rule." For more information on the privacy requirements for your State, please contact your State Department of Health Services.
How can our practice have a backup plan for disasters that may strike?
Disaster recovery planning is one part of a complete business continuity plan and should be in place for your practice. A disaster recovery plan covers the many different types of incidents that can affect your practice, including natural disasters as well as man-made ones. This involves encrypted, off-site backups of your patient data and also of your email. If you were using Secure-Mail™, your email would automatically be backed up as per HIPAA requirements.
A complete disaster recovery plan is beyond the scope of this answer, but we would direct you to Wikipedia as one place to start.
Would an office be HIPAA compliant if they have informed patients that email is insecure, obtained written confirmation of this, and then receive an unencrypted email from that patient and reply with an unencrypted email, provided they then delete those emails and don't store them?
If you have taken all of the steps as described (informing your patients of the risks involved and getting their written consent), you have covered the current requirements in the HIPAA Omnibus rules. However, if you receive an email in an unencrypted format, you must take all precautions in your email system to ensure that you have met all of the HIPAA requirements for storage. If you do delete the messages that you have received as well as any email that you have sent, you must ensure that you have actually deleted every email message containing PHI. Ensure, for example, that the offending email messages are deleted from every device, and then further deleted from the trash. For complete auditability, we would further recommend that you log every email interaction that has occurred, including the date/time of the communication as well as the information that was conveyed in the message.
We would still recommend using Brightsquid Secure-Mail™ to protect your patients' sensitive information, as it can be difficult to follow the steps required and to confirm the final disposition of the data on your computer or email system. Brightsquid Secure-Mail™ makes HIPAA compliant communication easy; we have the proper safeguards built into the system, such as encryption, auditing and user access codes, including the tracking and confirmation of the final disposition of data.
Have you been in contact with Denticon in terms of integrating with them? Does Secure-Mail work with Curve Dental at this time? Are there plans to integrate with Curve?
We are still working on the Practice Management Software connection with cloud-based products, such as Curve or Denticon. We offer free upgrades every six to eight weeks to all of our customers as we release new product improvements. Keep watching!