  • Michelle Shimmin

Enhancing Orthodontic Practice: Data Privacy and Security

Within the orthodontic specialty, as in other healthcare specialties, protecting your patients’ personal information is essential. In this article, we will discuss the current privacy landscape and the need to sharpen the focus on privacy compliance within your practice. Yes, it is required by law, but it can also build trust with your patients, improve retention, and strengthen your competitive advantage.

Data privacy is so much more than having a Notice of Privacy Practices, getting a signed acknowledgement from the patient, and speaking in hushed tones. The Health Insurance Portability and Accountability Act (HIPAA) lays out three rules that healthcare providers must adhere to: the Privacy Rule, the Security Rule, and the Breach Notification Rule. We won’t dive deeply into each one in this article, but it is essential to understand the basics. First, you must maintain the privacy of your patients’ Protected Health Information (PHI), disclose it only as allowed by law, and provide a means for your patients to access and correct their information and to obtain an accounting of disclosures. Second, you must ensure the confidentiality, integrity, and availability of the data by implementing “appropriate” security controls. Third, if you experience a data breach or unauthorized disclosure, you need to adhere to the rules regarding whom to notify, what to include, and within what timeframe.

HIPAA has been around since 1996, so it is definitely not new. But with the recent rash of new consumer privacy regulations in the United States and across the world, individuals are becoming more privacy-savvy, and the expectations they have for those with whom they share their data are extremely high. Generally speaking, people are consumers far more often than they are patients, so it makes sense that these consumer regulations are driving a renewed interest in data privacy and bleeding over into healthcare. More rights and protections for our personal data are great news for all of us as patients and consumers, but they can be burdensome and introduce additional risk to your practice.

Orthodontic practices face an array of potential privacy threats. These threats may be internal or external and come in many forms including cyber-attacks such as ransomware and phishing, impermissible disclosures, device loss or theft, and snooping on patient records.  To stay ahead of these threats, your practice should adopt a proactive approach to data privacy and security.  This includes thoroughly understanding the data you hold as well as implementing the necessary notices, policies, procedures, controls, agreements, and training.  If you experience a data breach or a complaint is filed against your practice, the Department of Health and Human Services will be digging into all of this.  Being able to show your commitment to data privacy and readily produce everything they are looking for can significantly reduce the likelihood and the level of fines.

We all deserve to have our personal data protected and to expect that those we choose to share it with are focused on doing that.  It is even more essential with Protected Health Information due to the sensitive nature of the data.  Being a good steward of this data is important to your patients and it is the right thing to do.  But beyond that, it can be a differentiator for your practice and very good for your reputation and your bottom line. 

Book your free data privacy consult today with Waterpointe Consulting, a Shimmin Consulting trusted partner.

Greg Drysdale



