Dr. Kim York’s goal is to provide the highest level of dental care with integrity, respect, and compassion for patients. Her practice equips patients with the knowledge and ability to maintain optimum dental health. But her commitment to patients goes deeper.
York is among a group of dentists who have started performing security risk assessments (SRAs) to help safeguard patient health information (PHI). This helps her patients rest assured that her team is taking all the measures needed to keep their information safe.
The Challenge
Most large healthcare organizations are aware that regular SRAs are no longer optional. Instead, they are required and stringently enforced. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules require organizations that handle health information to routinely review the administrative, physical, and technical safeguards they have in place to help ensure the security of PHI. SRAs are also a mandatory requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program.
Many dental practices are not as aware of the security requirements outlined in an SRA. “We weren’t informed about the mandate to conduct SRAs until we read an article in a magazine we routinely receive from Henry Schein, our equipment and supplies provider,” says Charles York, office manager for the practice. “We’ve all heard of HIPAA and had training, yet we did not realize SRAs were required.”
The Solution
Dr. York’s practice was proactive in protecting PHI, including exchanging encrypted email with patients. But York’s team knew there was far more needed to ensure the privacy of patient data. They began looking into SRAs and their value in mitigating the risks of data loss and security breaches.
After reading the article in Henry Schein’s magazine and attending a webinar hosted by Henry Schein TechCentral and ClearDATA on the SRA process, Charles York contacted ClearDATA and partnered with them to conduct regular SRAs.
“We realize that a data breach or loss would be devastating,” says York. “Most professionals in healthcare think it will never happen to them, but if it did, it would bankrupt any practice. We saw the importance and went to ClearDATA because they have healthcare-specific expertise, a strong partnership with Henry Schein, and a very thorough and expert approach to SRAs.”
The Results
ClearDATA now conducts regular SRAs at Dr. York’s practice, bringing experience and insight to every audit. Although the recommendations of the first SRA were almost overwhelming, Dr. York’s team gained solid foundational information. They now have keen insight into their specific needs for all 51 HIPAA rules.
Says York, “Now, we are well on our way to understanding and acting on what we have to do to safeguard PHI and become fully HIPAA-compliant. Most of all, we realize SRAs are mandatory, and we’re taking action to protect our patients’ information – and our business.”