Regulatory challenges with PHI and PFI
The dental industry is known for being savvy about technology that makes patient treatment easier than it was in the days of old-style stand-up dentistry. Now, dentists sit while working and use advanced instrumentation and diagnostic tools when providing care for patients. In addition, many providers in the dental industry have adopted automated computer billing for patients and their insurance companies. Likewise, many dentists use electronic medical records in their practice.
The question is, would you trust your IT support to an office supply store? Surely no healthcare professional would answer affirmatively, so why do they put an office manager or office clerk in charge of IT? It is essentially the same thing: both lack the knowledge and technical ability the job requires.
What are the Dangers of Inadequate IT Support in a Dental Office?
Dentists face unique regulatory challenges concerning how they handle patient health information (PHI) and Patient Financial Information (PFI). PHI is subject to HIPAA regulations, and PFI is under the jurisdiction of the Federal Trade Commission (FTC). Sometimes they work together.
These agencies take enforcement of privacy seriously, and fines for violations of the HIPAA privacy laws are levied by the Office of Civil Rights (OCR) within the US Department of Health, Centers for Medicare & Medicaid.
The Federal Trade Commission is primarily concerned with the enforcement of laws that protect consumers. One issue that has gotten new attention from the FTC is the failure of companies to protect the financial and personal information they hold. The FTC explains its privacy concerns on behalf of consumers as:
“When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up to these promises. The FTC has brought legal actions against organizations that have violated consumers’ privacy rights or misled them by failing to maintain security for sensitive consumer information. In many of these cases, the FTC has charged the defendants with violating Section 5 of the FTC Act, which bars unfair and deceptive acts and practices in or affecting commerce. In addition to the FTC Act, the agency also enforces other federal laws relating to consumers’ privacy and security.”
Breaches are Costly
HIPAA privacy violations are investigated and enforced by the OCR in the Department of Health and Human Services (DHHS). As of January 31, 2017, the OCR reported:
“… the compliance issues investigated most are, compiled cumulatively, in order of frequency:
- Impermissible uses and disclosures of protected health information;
- Lack of safeguards for protected health information;
- Lack of patient access to their protected health information;
- Use or disclosure of more than the minimum necessary protected health information; and
- Lack of administrative safeguards for electronically protected health information.
The most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:
- Private Practices;
- General Hospitals;
- Outpatient Facilities;
- Pharmacies; and
- Health Plans (group health plans and health insurance issuers).”
Under HIPAA, repeat violations and egregious violations can result in a fine of up to $50,000 per violation, and each record breached is considered a separate violation. So, fines can add up quickly for a health provider, even if only 10 records are involved.
The FTC has similar authority, and if your dental practice is storing credit card information and you are breached, count on dealing with them too.
So, if the security for your data was designed by your cousin’s son or daughter who recently finished college and is unemployed, or by your local computer repair store, whose expertise is in fixing computers, it’s time to have it professionally assessed and updated. Otherwise, you might as well have the local office supplier run your data protection for you.
Used by permission