
Administrators can ensure that secure messaging policies are being adhered to, or PIN-lock an app if the device it is downloaded onto is lost, stolen or disposed of. In addition to safeguards that prevent patient data from being saved to an external hard drive, copied and pasted, or forwarded outside of the dental practice's private network, the messaging platform through which all communications travel monitors activity on the network. The secure messaging apps can also be used on desktop computers, and a time-out feature automatically logs users out of the network when a computer or mobile device is unattended, to prevent unauthorized access to patient data. Authorized users can access patient data and communicate it to other authorized users only after they log in to the secure messaging apps, which require user authentication via a unique, centrally issued username and password. All patient data is encrypted at rest and in transit, so it is perfectly safe to send text messages, share images or conduct video calls over public Wi-Fi services via a mobile device. Unlike email, SMS or Skype, secure messaging is conducted within a private network only accessible by authorized users.

A solution for complying with the HIPAA Security Rule is to implement a system of secure messaging. Whereas meeting the Business Associate, privacy and breach notification HIPAA regulations for dental offices can be achieved without too many issues, complying with the HIPAA Security Rule can present a headache for many dental offices.

Administrators are also responsible for ensuring HIPAA compliance by Business Associates. Administrators are also responsible for developing “best practice” policies, training dental office employees on the use of the compliant communication system, and for monitoring activity on the system. The administrative HIPAA rules for dentists require that system administrators are appointed to select and implement a compliant communications system.
Responsibilities included in the physical HIPAA regulations for dental offices include establishing a facility plan and a contingency plan in the event of an emergency, and implementing validation procedures to restrict physical access to PHI stored on the computer systems. The physical HIPAA regulations for dental offices concern the security of computer systems and the environment in which the computer systems are situated. The technical requirements also detail the processes and controls that have to be implemented in order to protect PHI when it is at rest or in transit. The technical requirements cover how patient information should be communicated electronically (for example, email is not allowed, nor is SMS or Skype).


The HIPAA Security Rule is primarily comprised of three sets of “requirements” – technical requirements, physical requirements and administrative requirements.
Information about all these elements of the HIPAA Privacy Rule for Dentists, plus details about signing Business Associate Agreements with any non-employee who has authorized access to patients' records, can be found in our HIPAA Compliance Guide – a comprehensive guide to the HIPAA rules for dentists, which includes an explanation of the Breach Notification Rule, and the updates to the HIPAA Privacy and Security Rules enacted in the HITECH Act and Final Omnibus Rule.

Although many dental offices are self-contained entities, the HIPAA rules for dentists apply to any dental office that may send claims, eligibility requests, pre-determinations, claim status inquiries or treatment authorization requests electronically.
