In light of some Electronic Dental Record (EDR) nay saying by a few unconvinced dentists on the Internet, we’ve decided to address the most pressing concerns that potential EDR users have about taking the electronic leap; or more specifically, the fears that surface while mulling over the decision to store, manage, and share protected health information (PHI) using Internet-based software. The PHI we speak of includes patient insurance information, dental records, x-rays, and any other individually identifiable health information the U.S. government deems HIPAA protection-worthy. We find that the majority of EDR myths revolve around ROI and HIPAA compliance.
1) The “HIPAA Police” Are Going to Get Me for Sharing Protected Health Info Online
HIPAA’s Security Rule permits the transfer of patient information and dental records from one covered entity to another. So if you’re a dentist, hygienist, or other dental care provider seeking a fast, efficient way to transfer dental records and refer patients to oral surgeons, orthodontists, or other specialists, you’re in luck. Doctors can disclose entire records to other doctors and are exempt from the minimum necessary standard while doing so. The Department of Health and Human Services recognizes the need to optimally treat patients: they acknowledge that proper care relies heavily on assessing complete dental histories and records. Long story short, complete patient information can be shared between doctors via email messages or secure online portals.
2) HIPAA Standards for EDR’s Are Too Costly and Time-Consuming to Implement
The technical requirements outlined in the Security Rule might seem burdensome at first glance; but in all actuality, you can check most of them off of your to-do list if you’re already Privacy Rule compliant. That’s because the Security Rule was designed with existing HIPAA regulations in mind and is meant to merge the two as seamlessly and quickly as possible. According to 45 CFR § 164.306 (b), flexibility of approach of the Security Rule, dental professionals are apportioned a generous amount of leeway regarding the security measures they implement to protect electronic records. So long as you’re “reasonably and appropriately” implementing security standards to ensure the integrity and safety of patient documents, the government could care less which online portal you log into each day. What does this have to do with cost, you ask?
You’re free to shop around for an intuitive, user-friendly web portal that’s encrypted, exists on a secure server, is audit-ready, or features other built-in security protocols; and by selecting a program that implements these security measures automatically and at no added cost, you’ll spend little to no time (or money) integrating new safeguards with your existing processes.
3) EDR’s Offer Little to No ROI
Nonsense. Think of it this way: deciphering hand-written documents faxed over from neighboring facilities that read way more like chicken scratch than pertinent patient information, turning your office upside down in search of that missing, misfiled chart; or gaping in disbelief at blank patient documents, pondering the audacity of such a thing, are all very time consuming. Fortunately, time wasted repairing these blunders can be done away with completely thanks to EDR’s. Organized, neatly-typed documents can be accessed from an online portal anytime, anywhere; and they eliminate the need for duplication. Talk about a real time (and headache) saver.
4) There’s More Room for Inappropriate Access With EDR’s Than There Is With Paper
Your chances of an inside information breach are as good as the values and ability to follow directions of your staff members. They’re also as good as the policies that you put into place, so make sure you’re implementing effective safeguards, keeping your staff trained and up to date on the latest changes to rules, and standardizing your processes throughout your organization (you should actually already be doing all of these things in accordance with the Privacy Act). Just as electronic records can potentially be tampered with, talked about, or viewed inappropriately by a staff member, paper records aren’t safe from being inappropriately disclosed or removed from the office, whether intentionally or mindlessly. The Department of Health and Human Services brings up a great point: There is really no such thing as a “totally secure system,” whether that system is a paper or an electronic one. This “indestructible super system” might exist in a perfect world, but then we wouldn’t need HIPAA, now would we?
5) Patients’ Records Will Get Hacked Into or Lost
Referring back to the discussion about availability of electronic software options, ask yourself the following questions:
· If my EDR’s are stored in a cloud portal, does the portal have a remote server that doesn’t store all data in one location, minimizing damages in the event of a data breach?
· In the event of a natural disaster or other emergency, will data be recoverable?
· Can I store data to the software portal indefinitely?
· In accordance with HIPAA Omnibus, will the software provider take steps to uphold HIPAA while informing me of any breaches?
· Does my software portal of choice encrypt their data, encoding messages and other information shared online so that it’s undecipherable by hackers?
· Does the portal or software system include a secure timeout feature, automatically logging users out of the system when they are idle?
· Am I running a high-quality anti-virus program on all of my devices (PC’s,laptops, tablets) that are used to access and share dental records online?
If you can answer “yes” to these questions, your EDR’s are already much safer than their paper cousins. Paper can always get lost, but EDR’s may be stored indefinitely. And with electronic records, audit trails are easily implemented, highly measurable, and extremely accurate. Anyone could physically “hack” paper records if your office is broken into, and there’s no such thing as “encryption” for file cabinets: unless you’re keeping clunky deadbolts on all the drawers.