Should Dental Practices Attempt to Protect Patient Data on Their Own?

By Chris Bowen, ClearDATA

Security protect patient data

Breaches of “protected” health information (PHI) are on the rise, some shocking in the human error involved. In the first half of 2015, health care had more breaches than any other industry. Data breach reports find that in 60% of cases, attackers compromise a system in minutes.

As scary as that sounds, the biggest challenge the dental industry faces is its inattention to physical security. A ClearDATA analysis of dental practice-related breaches for the past 12 months confirmed the majority of reported breaches were caused by physical theft.

In the Ponemon Institute’s Fifth Annual Study on Medical Identity Theft, 29% of stolen PHI is used to obtain services or treatments, 28% is used to obtain prescription drugs or medical equipment, and 26% is used to obtain government benefits such as Medicare or Medicaid. While patients struggle to clean up PHI, what about the dentist? Should they be held responsible for intentional criminal breaches by outside parties?

The answer is yes, according to the Office of Civil Rights, one of the primary agencies tasked with investigating breaches of PHI. Data breaches can ruin a dental practice’s reputation and finances, with fines potentially reaching more than $1 million.

Dentists in the dark on risks

The nemesis here isn’t just the thief. It’s also the unrealistic expectation that dental professionals should manage, impenetrable IT departments. The actual mechanics of protecting PHI can and should be handed off to infrastructure and security experts, like other activities critical to day-to-day operations.

Look to the experts

A third-party provider such as Henry Schein TechCentral can immediately perform a risk assessment which identifies gaps in security. In addition to storing, managing and securing health care data, TechCentral can educate the office on best practices for preventing physical theft. These include:

  • Keeping paper records in locked cabinets and restricting key privileges
  • Locking laptops and external hard-drives in cabinets
  • Installing data encryption on all computers and devices
  • Ensuring access points to the office and interior records rooms are locked at the close of business
  • Adhering to strict filing procedures to eliminate mistakes such as leaving records out in the open

Continuous vigilance: The security basic for stopping attacks

Thieves are always looking for ways to steal valuable data. In the highly regulated, highly defended environment of a top-tier cloud services provider, access can be restricted and documented right down to the user, application, and file, with unauthorized access attempts immediately detected. Meanwhile, the dental practice can turn its own focus back to caring for patients.

Contact Henry Schein TechCentral at 877.483.0382, option 1, or visit to learn more about how a security risk assessment can protect, and even improve, your practice.

About the Author: Chris Bowen is Founder and Chief Privacy and Security Officer at ClearDATA, a health care-exclusive cloud computing, platform and information security services provider.

Originally published in Sidekick Magazine