• Encrypt sensitive data, such as Social Security numbers. Encryption provides better protection than passwords alone. It is the most effective way to achieve data security. To read an encrypted file, one must have access to a secret key or password that decrypts it. These protocols must be applied to all forms of data storage that contain patient information, including computer hard drives, laptops, thumb drives, CDs and backup tapes.
• Physically destroy or electronically remove data from hard drives before disposing of computers.
• All Internet connections must have secure firewalls and anti-spy/spam/virus programs.
• Disable computer jacks, such as USB ports, to make it difficult to copy information onto portable media.
In the event your office sustains a data breach, follow your state laws to find out how to respond. Reporting identity theft to local law enforcement will enable a more effective response. The Health Insurance Portability and Accountability Act (HIPAA) has provisions regarding data security breach notifications. The provisions have been amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). As of September 23, 2009, patients must be notified any time their unsecured personal health information (PHI) may have been compromised through unauthorized acquisitions, access, use or disclosure. HITECH’s security breach notification requirements apply to covered entities.
Data Breach — Will it Happen to You?
TDIC developed a sample letter for dentists to send to patients as notification of a data breach. This letter can be accessed at thedentists.com in the recordkeeping and forms section of the Risk Management link. The impact of losing electronic data is expensive, time consuming and can be damaging to the operations and reputation of a dental practice. Often, office property insurance provides coverage for physical loss or damage to electronic data processing hardware, software and media. This does not usually cover costs associated with data being lost, stolen or damaged. TDIC offers Data Compromise Coverage to help dentists respond to loss or theft of patient information as an optional piece of the office property policy. Contact your TDIC broker to inquire about Data Compromise Coverage. If you don’t have TDIC, contact your existing carrier to determine coverage and limits in the event of a data breach.
For more information or a quote on a TDIC professional liability policy or any other insurance product, please contact a PDAIS representative at (877) 732-4748 or visit the website at www.pdais.com.
28 May/June 2010 • Pennsylvania Dental Journal