Lately, we have been hearing more and more reports about cyberattacks affecting businesses of all sizes nationwide. This past summer, over 400 dental practices were affected by a ransomware cyberattack from a third-party data company. Then, most recently, the American Dental Association (ADA) reported last month that Delta Dental of Arizona was a victim of a phishing attack. Both events underscore the necessity for diligence in implementing and ensuring effective cybersecurity strategies.
Phishing is the fraudulent attempt to obtain sensitive information, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. Phishing can also be used to deploy malware (of which ransomware is an example) to gain access to a system.
Under HIPAA’s Security Rule, covered entities such as dental offices are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of PHI. Effective employee training is critical to this endeavor. Additionally, dental offices are expected to conduct a security risk assessment regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then to determine what additional controls, if any, should be implemented.
In the event of a cyberattack that involves a potential breach of unencrypted PHI, a dental office must follow the HIPAA breach notification procedures under the Breach Notification Rule, must conduct a security risk analysis to identify and fix any technical or other problems to stop the incident, and must take steps to mitigate any impermissible disclosures or uses of PHI.
For our OSHA Review Subscribers… A checklist to help dental offices conduct a HIPAA risk assessment is available from OSHA Review’s website, in the clients-only section under OSHA Review/Professional Documents.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.