Should You Have HIPAA Compliant Online Forms for Patients?
The widespread use of technology makes life and business faster, easier, and better, but also more vulnerable to security leaks. If your patient intake forms are now online in a cloud somewhere, you should care about the HIPAA compliance rules that can slap your dental practice with a $50,000 fine!
Why are HIPAA compliant patient forms such a big deal?
The answer: hackers. They can now be anyone, not just an eerie college student with nothing better to do after classes. Unfortunately, many hackers today make a grand living by capitalizing on people’s over-trusting use of technology in the home and in the dental practice.
Are you among the vast majority of dental practices that have embraced a paperless business model, where storing patient information on a computer has become commonplace? Being able to access information from your office, smartphone, tablet, and home computer can free up so much time that can be spent connecting with patients at work and your family at home, but it also opens you up to violating HIPAA rules.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, was enacted by Congress to “require the protection and confidential handling of protected health information” of all citizens. This function of the act seeks to make sure that your patients’ sensitive information is handled up to standards and encrypted to protect against hackers or leaks.
What happens if you fail to comply with HIPAA rules for online patient forms?
A data breach constitutes a violation that can penalize you with a minimum $50,000 fine! A violation could also result in a damaged reputation among your referring colleagues and community, and may even involve the threat of jail time.
It’s better to be safe than to be sorry. How do you make sure your dental practice is HIPAA compliant regarding your online patient forms?
How to have HIPAA compliant online patient forms
Here are some tips to help your dental practice stay on top of HIPAA compliance:
- Have an updated HIPAA compliance policy
- Have someone in your office in charge of keeping your HIPAA compliance up-to-date
- Train staff regularly on remaining in compliance
- IMPORTANT: Encrypt your servers, workstations, and laptops that handle patient information
Why is that last point about encryption so important? We have talked about the importance of adding the secure encryption known as HTTPS to your website. Here is a quote from the American Dental Association’s FAQ page as further evidence:
Question: My IT tech support and/or colleagues are telling me to encrypt my servers, workstations, laptops, tablets etc. Is this a HIPAA requirement?
Answer: Under the Security Rule, encryption is required if it is reasonable and appropriate to protect patient information. If you decide not to encrypt, you must document your decision and the reasoning behind it. Appropriate encryption can also help prevent a reportable data breach. Therefore, appropriate encryption for your practice’s computer hardware, handhelds, mobile devices, and removable media is strongly recommended. Encryption should be included in a dental practice’s periodic risk analysis to evaluate the risk of unauthorized access to Electronic Protected Health Information (ePHI) (for example, as a result of loss or theft of a laptop or other device).
As your experts in dental marketing, we are always on top of the latest and most relevant information for you to continue to run your practice successfully. Encrypting patient forms is not a service that Roadside offers, but there are many vendors that offer this service.
We have found intakeQ to be an affordable service that is easy to use, and we recommend it to our clients who are interested in keeping their online patient forms HIPAA compliant. The folks at intakeQ even offer a free trial and can convert all your existing forms for you to give it a try with your patients!
We recommend you give intakeQ a try for your dental practice. If you have any questions as to how to get your HIPAA compliant patient forms featured on your website, just ask us!