The Security Rule under the US Health Insurance Portability and Accountability Act (HIPAA) requires dental…
In the wake of the Russian attacks against Ukraine, the American Dental Association (ADA) published an article in ADA News advising dentists to be on alert for cyberattacks. This article follows a joint warning issued by the US Cybersecurity and Infrastructure Security Agency and the US Federal Bureau of Investigation (FBI) about a possible increase in cyberattacks.
Dental offices face major problems if their patients’ protected health information (PHI) is stolen, misused, or rendered unavailable, because much of the information they have is critical to their business and vital to the care of their patients. Examples of cyberattacks include malicious programs (malware) such as spyware, viruses, and ransomware; phishing; stolen hardware; unauthorized internet access; and fake websites.
In the event of a cyberattack that involves a potential breach of unencrypted PHI, a dental office must follow the HIPAA breach notification procedures under the Breach Notification Rule, must conduct a security risk analysis to identify and fix any technical or other problems to stop the incident, and must take steps to mitigate any impermissible disclosures or uses of PHI. Depending on the nature of the cyberattack, the dental office should also report the crime to law enforcement agencies, which may include state or local law enforcement and the FBI.
Under HIPAA’s Security Rule, covered entities are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of PHI. Additionally, dental offices are expected to conduct a security risk assessment regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then to determine what additional controls, if any, should be implemented.
For our OSHA Review Subscribers… A checklist to help dental offices conduct a HIPAA risk assessment is available from OSHA Review’s website, in the clients-only section under OSHA Review/Professional Documents.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.