Computer security is one of those things businesses don’t often think of until after an incident has occurred. Unfortunately, that’s a problem dentists can’t afford to have, since patient trust and HIPAA compliance hinge on taking proper computer security measures.
On this page, we’ll go over a few things your dental office should address to ensure you stay compliant with laws and keep patient data safe.
1. Provide Physical Security for Your Server
Because your server hosts all your patient data, it’s important to keep it physically secure. Some practices achieve this by locking the cabinet it’s in or by keeping it in a locked room with limited access, such as the dentist’s office. Alternatively, you can host your database in the cloud and let your data management company take care of the physical security concerns. If you’re not sure how to keep your server physically secure or how to move to the cloud, connect with a local IT professional for help.
2. Restrict Server Access with an Admin Password
Setting a dedicated password for the server adds another layer of computer security and ensures only those who need access to it can log in. If you’re unfamiliar with setting a password, see the Microsoft Guide for instructions specific to your version of Windows. A few tips on creating secure passwords from GoDaddy include:
- Don’t use your server password anywhere else.
- Don’t use a personally identifiable term (name, pet’s name, child’s name, etc.).
- Include different types of characters, including uppercase letters, lowercase letters, and punctuation.
- Aim for 15 characters and don’t go lower than eight.
- Avoid common phrases. They’re easier to crack.
3. Back Up Your Data
At some point, there will be an issue with your server. Maybe it’ll crash, you’ll have a computer security incident despite your best efforts, or you’ll have some other type of unavoidable and unplanned incident. To ensure you maintain patient data in these situations, you’ll need to take regular backups and test them to make sure they’re working properly. The Practice-Web User’s Guide has information on performing traditional database backups as well as running cloud and automated backups. If you’re performing manual backups, you’ll want to ensure that the backup is secured with encryption too. This is easily achieved with a tool like SecureAccess, which is freeware specific to SanDisk USB drives.
4. Encrypt Your Server Data
For the sake of HIPAA compliance, you’ll want to encrypt the data on your server too. This keeps it safe in the unlikely event that someone tries to gain access to your data despite physical barriers and passwords. Although unlikely in a dental office, that might be the case if someone steals your hard drive. You’ll need to prevent the individual from viewing, extracting, or retrieving your data for this reason. It’s easily done through a tool like BitLocker. This may be another area best addressed by your IT professional, though you can check out Microsoft’s instructions if you’re a tech-savvy DIYer.
5. Use an Antivirus Program
All computers in your office should have real-time antivirus protection. Even if your team isn’t intentionally visiting websites they shouldn’t or using computers for personal business, phishing schemes can slip by almost anyone, and even sites you may ordinarily visit can become compromised. Antivirus programs like Norton, McAfee, and Vipre can help protect your systems, but because viruses and hacking techniques are continuously advancing and adapting, no antivirus program is fail-proof. That’s why backups and working with an IT partner for your computer security needs are important.
6. Limit User Access
Sometimes dental practices fall into the habit of using one login for everyone or using a generic login on shared workstations. That can be problematic because HIPAA guidelines indicate that employees should have access only to the data required for their jobs, so not everyone will need access to everything. Moreover, a single login makes it impossible to track who did what within the software.
Thankfully, Practice-Web makes it easy to limit access with individual user logins and permissions that can be managed at a group level. Check out the User’s Guide for full details on user and security settings.
Learn More About HIPAA Compliance and Computer Security in Our On-Demand Webinar
Connect with Us
When it comes to computer security, many of the questions you might have are best answered by a local IT professional who knows your systems and network. However, if you have a question specific to Practice-Web settings or requirements, please connect with us.
If you aren’t yet using Practice-Web and want to check it out, request a free demo. Our team is happy to walk you through the software one-on-one, answer all your questions, and provide you with a trial version to explore on your own after.