Are you illegally sharing dental patient data with your colleagues?

April 8, 2015
The cloud is bringing dramatic changes to dentistry, making collaboration possible from anywhere, critical patient information available anytime anywhere, and second opinions from anyone anytime. However, amid this change, there’s still one constant at the heart of delivering quality care: patient trust. Asaf Cidon teaches you how to use the cloud in a HIPAA-compliant way.

The cloud is bringing dramatic changes to dentistry. After all, modern health care—advanced dentistry included—increasingly demands seamless care coordination. The cloud makes such collaboration possible from anywhere; for the first time, critical patient information is available at dentists’ fingertips whenever and wherever they might need it. You’ve likely already considered the powerful implications: Second opinions can come as easily from an oral surgeon who is at a conference as when she’s at the office. So it’s no wonder that smaller practices are relying on easy-to-use services such as Dropbox for file storage and collaboration—it’s a relatively inexpensive way to tap into game-changing efficiencies.

But amid all this change, there’s still one constant at the heart of delivering quality care: patient trust. And cloud file-sharing services including Dropbox and Google Drive are not HIPAA-compliant. HIPAA may have already been top of mind for many oral surgeons dealing with complex cases, but it’s only been a few years since the Department of Health and Human Services mandated that dental practices comply with HIPAA, and some practices are likely struggling with how to balance their desire for productivity with these compliance requirements. Here’s how to use the cloud in a HIPAA-compliant way:

Add a transparent layer of encryption. Encryption is an important way to ensure that people don’t get unauthorized access to files, because it essentially scrambles the data so that only you and authorized users can read the information. You’ll want to find a solution that can protect your files whether they’re stored on the cloud or downloaded to your devices. When we talk about encryption being “transparent,” we’re referring to how seamless that experience should be. There’s little point in using the cloud if your security solution forces you to sacrifice the efficiency gains you would have realized with the cloud or slows you down in other ways.

It’s about more than the cloud; it’s also key to keeping mobile devices secure. One of the best features offered by cloud storage and sharing solutions is the sync feature. It’s a powerful advantage to be able to synchronize files wherever you might need them, from your desktop to laptop to tablet or mobile phone. But file synchronization can sometimes undermine your HIPAA compliance efforts. Even if files are secured on the cloud, once they reach devices, they’re unprotected. That, in turn, can lead to a HIPAA breach, because if those devices are lost or stolen, your patient data has been improperly exposed. But there’s an easy solution: Certain encryption measures—dubbed on-device or file-level—solve this problem by protecting information even when it isn’t on the cloud.

Share files in a protected manner. When dentists refer patients to specialists (e.g., periodontists or endodontists) or exchange information with labs, they might be doing it in inefficient or insecure ways, such as via snail mail, fax, or even email. For all of email’s popularity, it’s not a secure method for transferring private information. The same goes for cloud file-sharing systems. Though shared folder and shared link features provide an easy way to transfer information, including large files, it’s essential to protect these in transit and when stored on devices. Adding a transparent layer of encryption will essentially build a compliance shield around these shared documents, freeing you from worrying about sharing sensitive patient information.

While the importance of encryption cannot be overstated, that doesn’t make it a panacea. For practices large and small, it’s also important to have control over your information. By the same token, you’ll also want to be able to track all of your encrypted data, a process that’s been made much simpler by technology. When you know what to demand from your cloud solutions or complementary services, it’s much simpler to control the cloud and make it HIPAA-compliant, so you can wring as much collaboration and convenience out of it as possible.

Asaf Cidon is CEO and co-founder of the cloud security company Sookasa, which encrypts, audits, and controls access to files on Dropbox and connected devices, and complies with HIPAA and other regulations. Cidon holds a PhD from Stanford University, where he specialized in mobile and cloud computing.