Protect Data with a Security Risk Assessment

By Thomas Grover, Henry Schein TechCentral

Security Risk Assessment

The terms data loss and data breach are enough to send chills down the spine of any dental practice. And with good reason. The legal fees, remediation costs, restitution, fines and negative media exposure can be hard to recover from and can have a lasting impact on your practice. In short, not only do you need to protect your bottom line, but also the privacy of your patients and your reputation.

The serious risk associated with a data loss or breach is exactly why HIPAA mandates that you conduct an annual Security Risk Assessment (SRA). A properly conducted SRA is the first step in identifying potential information security risks that you can then address by implementing solutions to improve your practice and keep it HIPAA compliant.

Generally speaking, an effective SRA provides a large scope analysis that evaluates data collection and storage, potential threats and vulnerabilities, current security measures and the likelihood and potential impact of threat occurrence. Additional assessments may be required, depending on the unique needs of your practice. An organized report reviewing the findings of the assessment is also required. For example, a dental practice would need to examine and document the following areas of its practice as part of a SRA:

  • Review of Protected Health Information (PHI) inventory to determine where electronic and other data is located
  • Examination of the three security safeguards: administrative, physical, and technical
  • Examination of the practice according to the latest Omnibus rules
  • Assessment of current operations for HIPAA compliance, including safeguards in place, as well as vulnerabilities and specific threats to safeguards
  • Evaluation of existing security policies and procedures
  • For Dentrix users, learn more about the types of security policies and procedures you can implement by reading this Dentrix eNewsletter article: 4 Tips for Addressing Security Threats in Your Practice

Although you can perform your own SRA through a tool provided by the Department of Health and Human Services, many practices are choosing to hire a third party to conduct their SRA because they find the process complicated and time-consuming. Others are worried about making mistakes or not knowing the best path to remediation. Since your time is likely better spent doing what you do best—focusing on your patients—let TechCentral’s partner ClearDATA help you avoid the stress by conducting your SRA for you.

ClearDATA has conducted thousands of successful assessments. Known for being affordable, quick, effective, and comprehensive, ClearDATA prides itself on going above and beyond the basic SRA requirements. For example, many assessment providers overlook examining the three safeguards required by 45 CFR 164.308 (a)(1) — administrative, physical, and technical, including the latest Omnibus rules, which ClearDATA considers essential to the evaluation. ClearDATA’s post-assessment report is also incredibly comprehensive, includes detailed vulnerabilities and remediation recommendations and is audit-ready. By using the Common Security Framework and complying with the Health Information Trust Alliance (HITRUST) standards, you can be certain that your assessment through ClearDATA will be comprehensive and top of the line.

Contact TechCentral at (877) 483-0382 or visit to learn more about how a SRA through ClearDATA can protect, and even improve, your practice.