Setting up a HIPAA Contingency Plan for Your Dental Office

Leave a laptop containing patients’ personal health information on the bus, and you’ll instantly understand why you need a HIPAA contingency plan. Whether you are that careless (and hopefully you aren’t!) or your office’s entire records system goes down, you need a plan to recover and protect these exposed health records, and you need it fast. Your dental office won’t function properly without them, and you’ll have to respond quickly to keep the damage as small as possible. If you’ve already made your system HIPAA compliant, you should recover from this crisis more easily.

The first step in developing your HIPAA contingency plan is to have a way of identifying the records affected by a security breach. The head of security in your dental office should detect the breach through the monitoring system you have already established. Once the exposure of personal health information is recognized, you must be able to act immediately: identify where the breach (or breaches) occurred, close the hole (or holes), and document every record that has been affected.

But your HIPAA contingency plan also requires a data backup plan for cases in which records are actually lost from the system. This, too, should have been established as you made your system HIPAA compliant. After a security breach, you must be able to retrieve all or most records from your backup system, which is often located offsite. Once any lost personal health information has been recovered, you can promptly start notifying patients about the problem.

But maybe that laptop containing personal health information never got left on the bus. What if, instead, you were flooded out or your dental office suffered a freak lightning strike that wiped out your entire computer system? Enter the HIPAA contingency plan again, because it requires that you have a disaster recovery plan. Have you designated alternate or offsite computers to use in a pinch? And once again, can you retrieve information from your backup data storage company? (If you back up your system regularly, perhaps at the end of each day, you will have lost at most one day’s worth of information.) Even if you can’t run the dental office quite normally, you should still have a plan for operating in emergency mode.

When you make your records system HIPAA compliant, recognize that your plans for a security breach or disaster are so important that you shouldn’t just dream them up and file them in a manual: you should practice them. Hold drills in your dental office to discover any flaws in the plan and to make the emergency actions second nature to your staff. When your patients’ personal health information is at stake, create a HIPAA contingency plan that lets you leap into action to protect or recover these records immediately.

