On any given day, a dental or healthcare practice interacts with a number of outside businesses, such as blood work/dental laboratories, medical transcriptionists, coding and billing companies, marketing, legal and others. Patient data flows back and forth between these business associates and the dental or medical office. It is critical to know that your patient data is secure not only inside your own practice but also with your business associates.
Studies show that data breaches often occur outside a dental or medical office. It could be a lost or stolen laptop from a third-party contractor doing your medical coding/transcription, someone hacking into their computer system or, even worse, one of their employees intentionally stealing your patient data. Medical identity theft is the fastest-growing identity theft in the US, with over 300,000 people falling victim to it every year. The consequences of a data breach can be disastrous for your patients and your practice.
Regardless of how the data is lost, your dental/medical office (being a covered entity under HIPAA) is responsible and liable for the data breach. You can mitigate the risk by having a signed Business Associate Agreement (BAA) with all your third-party business partners who receive, create, maintain or transmit your patient data. The signed BAA demonstrates that the business associate has implemented appropriate administrative, physical and technical safeguards to secure electronic protected health information (EPHI), as required under the HIPAA Security Rule.
Knowing that your patient data is secure inside as well as outside your office will give you the peace of mind to sleep well at night.