A dental or physician practice typically starts off with limited money and resources. Whatever cash is available is needed for essential requirements like office space, equipment, personnel, licenses, marketing and daily operations. The business plan does allocate money for computers and technology, but the general thinking is: “let's buy whatever desktops/laptops and other equipment is on sale and absolutely needed right now”. Some practices may even start off using personal laptops and/or let employees bring their own devices, like laptops, tablets and smartphones. Decisions made during the startup phase may end up costing more in the long term if proper policies and procedures are not implemented with respect to technology usage. This is even more important in light of the HIPAA Privacy and Security Rule requirements.
Every healthcare practice should have policies that address:
- Acceptable and unacceptable use of business computer systems with respect to internet usage, email, downloading unapproved third-party applications, etc.
- New hire training.
- Employee termination, to ensure that an individual no longer employed with your practice does not get unauthorized access to your network and ePHI (electronic protected health information).
- Data backup, retention and destruction policies and procedures.
- Use of mobile devices with ePHI: proper usage, reporting loss or theft.
Having well-documented policies like these and others with respect to technology usage will serve as a strong foundation as your practice grows. This will ensure that all staff are aware of the expected behavior in the workplace and fully understand their responsibilities with respect to HIPAA compliance.