Imagine, for a moment, that you’re shopping at your favorite clothing store and in your arms is a mix of outfits you are excited about trying on. You walk to the fitting rooms and, to your surprise, you find three rooms, each with a very different design. In the first room, you can actually see the bench and the full-length mirror inside because the walls and door are made of transparent glass. On the plus side, you notice there is a lock on the glass door to keep people out. The next room has three solid-wood walls and a matching door, but you notice that this door does not have a lock. The third room appears to combine the best features of the first two stalls (wood walls and a secure lock on the door).
As a customer, which of these three fitting rooms would you feel comfortable changing your clothes in?
The first room has security (a lock) but no privacy. Everyone in the store can see what’s going on in there! Room two seems like it provides privacy, but without a lock on the door, how private is it, really? And finally, the third room provides both privacy and security. Fitting room designers know that you expect both privacy and security when you’re trying on clothes. The concept of “privacy and security by design” applies to dental practices, too. Your patients expect both privacy and security when it comes to their patient data.
How do you design a practice with privacy and security in mind? HIPAA gives dental practices, and all other organizations that handle Protected Health Information, clear standards to guide them through the process of designing practices with both privacy and security in mind. The HIPAA law defines the following three areas of focus:
- Physical Safeguards. These provide privacy and security standards for your physical office including locks, alarms, angles of monitors, operatory layout, and even the pictures hanging on the walls. This is what our fitting rooms needed to address.
- Technical Safeguards. These provide privacy and security standards for your information technology systems including unique usernames, complex passwords, encryption, auto screen locks, and data backups.
- Administrative Safeguards. These provide privacy and security standards for your workforce. Does the practice have a Privacy Official who understands the HIPAA law and how it applies to dentistry? Does the practice have a published HIPAA handbook? Does the practice provide regular privacy and security training to the entire staff? Are employee sanctions fairly and consistently applied?
As you reflect on this shopping analogy, put yourself in your patients’ shoes. Evaluate the end-to-end patient experience your dental team provides. Design your practice, your office, your technology, and your policies and procedures, with your patients’ privacy and security in mind.
If you haven’t made HIPAA a priority yet, start today. Join our online HIPAA community for dentists at bitesizehipaa.com. Explore and learn for 60 days on us! Please, watch every training course (we call them bites) and explore the tools we’ve created to help ease HIPAA implementation and compliance. There is no risk. Give us a little bit of your time and we'll teach you about the HIPAA law, why it exists, and how, if done right, you can protect your patients and your practice from a variety of very real threats that inherently exist in today’s dentistry.