Dental Network Security & HIPAA

Dental ITWhen designing and managing a computer network for dental offices, compliance with HIPAA is of paramount importance. Specifically, the Security Rule of HIPAA must be applied and enforced to all devices using the network, as well as all access points in use by employees.

In order to comply with HIPAA, there are several requirements that can not be avoided. For one, employee password compliance must be enforced. The easiest way to do this on a computer network is to put together a Windows Server and configure it as a Domain instead of a Workgroup. By using a domain configuration, employees can be made to log into their PCs using domain credentials instead of individual PC credentials. Domain servers have the power to strictly enforce password compliance via expirations and complexity requirements, and also prospectively reports on employee activity using any device on the network. On the event of a data breach, prospective reporting is mandatory for finding out where the breach occurred from, as well as what data has been breached.

Another specific requirement from HIPAA is that data must be encrypted, at minimum when the data is in transport. Where this comes in, is during data backups and email. Email encryption can be applied to your current email address, and free trials are available at dmi Networking, Inc. dmi’s email encryption solution uses an Outlook plugin or a web-based interface to encrypt your current email as well as supply return receipts and eContract capabilities, and comes at a very reasonable price.

Another point of encryption is on data backups. Data backups to the cloud must be encrypted before the data is transmitted, or, the company involved in the backup should sign a Business Associate Agreement (BAA) with you. Additionally, local backups must be encrypted either using Windows Server Backup onto a hardware-encrypted drive, or through a software-encryption solution.

There are a few more mandatory minimums that must be applied to a dental network in order to comply with HIPAA, such as business class antivirus, windows and 3rd party patching (such as Java, Adobe, etc.), and more. You can request a free checklist for compliance from dmi Networking, Inc., or take a look at their service packages for information.

Following this link will take you to their central page where you can get a free trial of email encryption, or contact them directly for more information about solutions for Dental IT