Why Your Dental Practice Might be at Risk for a $1.5 Million Fine

Kiltesh Patel
October 23, 2020 | 4 min read

When we speak to dental practice owners about their patient records, they usually say the same thing: “We are secure and HIPAA compliant.” After a short conversation, we usually find the same common holes in their system. It seems many practices have the same mentality when it comes to data backup and security. Most of the time this works…until it doesn’t. For those unfortunate few, this can lead to a fine of up to $1.5 million. Few practices can survive that.

Because most practices are in jeopardy, there is peace of mind in knowing you’re at risk, but you’re not alone. In aviation, this is known as the ‘big sky’ defense. This is the term some pilots use to calm nerves about mid-air collisions when flying in airspace that is not monitored by air traffic control. The thought is that it’s a big sky, so it’s unlikely someone will hit us. That’s not exactly the most comforting thought when you’re 20,000 ft up. Luckily for us, most commercial traffic is closely monitored, and multiple systems are in place to protect us when we fly.

Some managers say “Our office uses paper documentation, so we are okay.” Sadly, in the event of theft, or a tornado, fire, or flood, you are still responsible for the paper documentation and any potential breach of information.

Another common theme: “Our office has in-house servers and our data is secured.” Unfortunately, in-house server-based dental practice management software requires up-to-date anti-virus protection and robust data backup. When done right, these servers cost thousands of dollars to keep current and online. (As you may know, anyone who is still using Windows 7 or before is vulnerable.) Additionally, most data backup systems are cumbersome and some are woefully inadequate. Have you ever restored the backup? Assuming that the backup will work is a common, fatal mistake. In reality, it is unfortunately not guaranteed to work.

Many busy dental practices are relying on this ‘big sky defense’ to protect themselves from a HIPAA violation or a security breach. We commonly hear that managers prefer paper or in-office electronic storage (servers) to any sort of online storage system. The thought is that the records in the office are secure and records out there on the web can be hacked. The fact is the exact opposite! The potential for a security breach is much higher with existing systems in place like paper and in-house systems. 


Those unfortunate few who have a security breach from theft or accident can be liable for civil and criminal penalties. Many practices cannot survive the penalties, fines, and the potential cost from a damaged reputation.

Just the facts:

In 2014, among reported HIPAA breach cases, paper documentation was found to be the most vulnerable and was involved in almost 22% of breach cases; 50% of these were from theft and loss.

In-house servers, laptops, and desktops were an even bigger threat and were involved in 50% of breaches; theft cases are 72%.

[Figure: HIPAA Breach Chart]

A few common themes:

  • “On-premise system servers (managed by Contractor) hacked”
  • “Backups of on-premise system were stolen from home”
  • “Portable hard-drive was left inside a van. Van was then stolen”
  • “Laptop or server stolen from the office”

The average cost of a single, stolen record containing confidential information is $141 (according to the 2017 Ponemon Cost of Data Breach Study). Multiply that by the number of patients in your practice and what do you get? The cost of a cyber security breach can destroy your business!

In 2019 alone, there were 3 major ransomware attacks in the US on multiple dental practices. The number of these attacks is continuing to rise.

The solution:

The chances of a data breach are small, but the financial risks are very large. Paper and in-house storage systems are at higher risk, and this can be addressed today by implementing cloud-based dental practice management solutions.

The medical community has been struggling with this same issue for many years. Patient records have been liberated by cloud-based solution providers like AthenaHealth, Practice Fusion, Cerner, etc., and these solutions have a good track record. HIPAA violations aren’t happening from the cloud, but they’re happening in the practice, homes, cars, etc.

tab32 was built by skilled healthcare technologists with decades of experience; they worked on supercomputers and medical informatics at the University of California and UC Davis before developing the platform. Our cloud dental practice management software sits on Google's multi-tenant cloud infrastructure. This allows for a few things: we can innovate fast, but it also means we are backed by Google's security. These levels of resources are not available to many small practices when only using in-house server-based dental software. tab32 also has its own security department monitoring everything that happens on the platform.

Contact us today to learn how you can address this solution at almost no additional cost! In fact, chances are that what you’re doing now is not only inferior, it’s also more costly.
