We’re living in an age where data security is one of the major concerns for every industry.
However, if you’re a healthcare professional, maintaining optimal security becomes all the more crucial given that data breaches are at an all-time high within our sector. There are a lot of stories often doing the rounds about hefty penalties being thrust upon well-established industry leaders even— most times due to violations that could be completely avoided.
To that end, adhering to the regulations and rules laid down in the Health Insurance Portability and Accountability Act (HIPAA) is highly significant for the smooth functioning of your dental care facility.
Billing and coding is no exception to this.
If you’re a dental care provider practicing in the United States, you should rather regard HIPAA as your security bible. And while this article fundamentally focuses on the billing aspect, it is important to remember that HIPAA can never be applied to one single organizational function exclusively and that it governs every single facet of care delivery.
Here are a few useful tips for keeping your dental practice’s billing and coding HIPAA-approved.
1) Employ Robust Measures to Ensure Security of Sensitive Data
During the last decade alone, more than 3,054 healthcare data breaches involving 500 or more records have been attempted. These breaches have resulted in impermissible disclosures, losses, thefts, and unwanted exposures of approximately 230,954,151 health records, which roughly equates to 70% of the total population of the US.
Add the ongoing COVID-10 health emergency to the mix, things only get worse.
Now, imagine the enormity of this problem!
Once the confidentiality of patient data gets compromised, the resultant negative ripple effects can be felt across the entire care continuum. Patients end up losing trust in the system and revenue goes for a complete toss.
As far as dental billing/ coding is concerned, securing sensitive data with encryption is the best solution. Encrypting this data is especially important when it leaves your facility’s secure network to be shared with an external source (e.g., a teleradiology network, a referring dentist’s office, a patient portal, etc).
Not just the data in transit, encrypting stored billing data at rest is of equal importance. Doing this furnishes a supplemental layer of security that keeps intruders from decoding and sharing critical information, even if they somehow manage to gain access to the primary source of data storage within your organization.
Healthcare organizations should also make sure they have a robust recovery plan in place for their billing data, as well as a dependable, always-available backup copy—either stored on the web, or in an external device.
One of the ways in which this can be done is by storing your data on a HIPAA-compliant cloud server. Such a remote storage source ensures maximum security while preserving the ability for authorized individuals to access necessary data virtually anywhere, anytime. And even if a breach occurs, you’ll easily be able to restore all of your data back to another system.
2) Proactively Educate your Staff about Compliance Protocols
There’s more to HIPAA compliance than simply utilizing software solutions, strong passwords, or encryption to secure your billing/coding data. All of this will only prove to be beneficial if the first points of contact within your organization, i.e. the members of your staff, are well trained.
Since both billing and coding usually revolve around handling patients’ personal information (including their insurance details, electronic health records, and credit card numbers), those responsible for carrying out these processes within your organization are legally required to safeguard this information.
Thus, it’s of critical importance for healthcare providers to educate staff on how to maintain compliance at all times. It really doesn’t matter how big or small your practice is, every single employee should know the basics of compliance and other details related to its protocols.
Now, in order for that to happen, your staff requires some form of formal HIPAA compliance training.
Each and every member on your staff needs to know what information cannot be disclosed or shared with any other individual, or on any other platform( such as third-party websites or social media channels). Prying in on patient data is also considered a violation under HIPAA.
Furthermore, authorized individuals on your staff who have access to sensitive patient information need to understand that it is their liability to protect that data. If not, these individuals put the entire organization at risk for grave penalties and/ or other legal obligations that will tarnish its reputation—or even threaten its survival—in the long run.
Lastly, it is equally important to trust your staff. Most employees do not want to disclose patient information in an illicit manner. Disclosure occurs unwantedly in the majority of cases. This is where regular training can keep employee HIPAA awareness sharp and help mitigate risks.
3) Conduct Risk Assessments and Security Audits on a Frequent Basis
Risk assessments are an extremely vital component when wanting to keep your billing/coding practices compliant with HIPAA rules and fortify your practice’s overall cybersecurity framework.
In fact, the Department of Health and Human Services (HHS) requires all healthcare entities – right from small provider groups, to large health systems, and business associates of these covered entities – to continuously assess vulnerabilities and risks to their data and develop a backup plan for mitigating risks if a breach were to occur.
Therefore, carrying out frequent security audits and risk assessments is more a compulsion under HIPAA rules than a matter of individual preference.
The majority of times risk assessments only focus on where electronic Protected Health Information (ePHI) within your facility is ‘supposed to be’, not ‘where it could be’. It is important to consider all the places ePHI could be in, even if it isn’t readily visible on the surface.
Local hard drives, thumb drives, mobile devices, email, and fax, and copiers are often overlooked as places that ePHI could intentionally or unintentionally reside in and be at risk.
It takes a lot of effort to properly conduct a HIPAA risk assessment and plan to remediate the gaps identified. Continuously following through on the remediation plans can also be difficult but is necessary to make sure all gaps are closed.
All in all, compliance is a multi-faceted aspect of dental care delivery.
In order for it to be beneficial, every small contributor needs to play its part well. Right from the virtual controls you employ, to your staff, to security systems with the organization itself – it is the right balance of everything.
Needless to say, keeping your dental care facility’s billing and/or coding HIPAA-compliant greatly depends on how well all these processes and systems work in sync with each other.
Dr. Chuck Le is the founder of 7 Day Dental and is a recognized leader in the field of dentistry. For several years, Dr. Le has dedicated his personal time and resources to working with organizations and causes that help the less fortunate, as well as youth development and well-being, both internationally and here. His philanthropy has included his contribution to the disaster relief efforts after the 2004 tsunami in Thailand and the restoration efforts after major conflagrations in Vietnam.