FYI

Dentist blog from Delta Dental

Tag: cybersecurity

Your dental policy brief: News updates as of August 2

From the latest on Medicare to recent court rulings affecting dentistry, FYI brings you the biggest dental policy stories.

CMS proposes Medicare dental coverage expansion after push from Congress

The U.S. Centers for Medicare and Medicaid Services (CMS) has released a proposed physician fee schedule rule for 2023 that would expand access to dental care services for Medicare beneficiaries. The proposal came after lawmakers in the U.S. House of Representatives and the U.S. Senate requested that the agency broaden the definition of medically necessary dental coverage as a way to expand access for Medicare recipients.

Currently, Medicare Part B only pays for dental services when it is deemed medically necessary to treat a recipient’s primary medical condition. The proposed changes for payments could become effective as early as January 1, 2023.

ADA says ransomware behind recent cyberattack, confirms data theft

The American Dental Association (ADA) has said that the cybersecurity incident it first reported in April was actually a ransomware attack, which ultimately led to the theft of member data. Although the ADA initially claimed that there was no data breach, a recent notice from the organization confirms that data theft occurred.

The notice does not share the precise data impacted, just that it was personal information tied to member names. Impacted members will receive complimentary credit monitoring and identity protection services. The ADA says it has assessed system security and reset relevant account passwords while it works to review and bolster existing policies and procedures.

Federal judge rejects Colorado inmate’s request for change in prison dental policy

A federal judge has denied an inmate’s request to order prison officials to halt their alleged unofficial policy of denying dental crowns to detainees. Beginning in November 2019, an inmate at the U.S. Penitentiary Administrative Maximum Facility in Florence, Colorado, sought treatment for broken and painful teeth. The prison dentist allegedly informed the inmate he needed a crown and teeth fillings, but the dentist could only “do one procedure per inmate per visit.”

The inmate, Peter George Noe, filed suit against the government and multiple medical personnel, claiming delayed and inadequate treatment. He asked for a preliminary injunction that would order the Bureau of Prisons to provide crowns generally, and to specifically perform his needed dental work. The district judge denied the motion, finding Noe had not shown he would suffer irreparable harm in the absence of a court order.

Supreme Court rejects dental hygienist’s medical marijuana workers’ comp case

The U.S. Supreme Court declined to hear the case of a Minnesota dental hygienist challenging denial of workers’ compensation for medical marijuana. The hygienist, Susan K. Musta, began purchasing cannabis to treat chronic pain due to work-related injuries in 2019 under Minnesota’s legal medical cannabis program and was not reimbursed for it under her workers’ compensation coverage for workplace injuries. Minnesota courts ruled that the federal Controlled Substances Act (CSA) prevented her insurer from paying for medical cannabis.

Musta appealed the decision to the U.S. Supreme Court alongside a similar Minnesota case. The U.S. Supreme Court indicated that fewer than four justices believed the legal challenge warranted the court’s consideration. State supreme courts in New Jersey and New Hampshire have ruled the CSA doesn’t preempt their workers’ compensation laws. However, like Minnesota, Maine’s high court reached the opposite conclusion.

Cybersecurity for your practice and beyond

It’s easy to believe that cyberattacks won’t happen to you. Why would a criminal choose your office as a target over corporations with more money and assets? Big businesses have plenty of resources to throw at security and firewalls, whereas your office may only have a few basic protocols in place. Better yet, every patient record they get can be sold online for over $400! About 79% of all reported data breaches in the first 10 months of 2020 were against health care entities, according to a report by Fortified Health Security. Understanding what risks exist in your office and proactively addressing them will help keep you and your patients safe, especially with moves towards teledentistry during the COVID-19 pandemic.

How data breaches happen

Internet-enabled devices within your office offer many points of entry for a criminal. Any computers, security cameras and tools connected to the internet can be open doors to thieves who want in.

Hacking and IT incidents are the biggest cause of data breaches, accounting for 69% of reported incidents. IT incidents include malware that’s installed by clicking on links in phishing emails or visiting unsecure sites.

The second leading cause was unauthorized access, which resulted in 20% of all breaches. This includes mistakes, like a lost tablet or folder of patient information, or intentional sharing of information by an insider in your office.

Teledentistry and additional risk

Teledentistry, while a fantastic option for reaching patients, opens a new door for cyberattacks. Text messaging and free video chat software aren’t viable options for telehealth, because all communication between you and your patients must be encrypted to be compliant with HIPAA.

The Office for Civil Rights (OCR) at the Department of Health and Human Services has announced that it will not penalize health care providers for using popular video chat applications during the COVID-19 pandemic, with a few caveats. You should notify your patients that these apps can introduce privacy risks and you should enable all available encryption and privacy modes when using them.

While some tools without encryption, like Skype and Facebook Messenger, have been given the go-ahead by OCR for use during the pandemic, HIPAA-compliant tools offer better protection of patient data.

Mitigating risks

Although you can never be completely invulnerable to attacks, having strong practices can make the difference between a scare and a nightmare.

The first steps you can take to proactively manage risk are some of the easiest:

  • Wi-Fi. Only use password secured Wi-Fi networks. If your office wants to have a network for patients or staff’s personal devices, create a password protected guest network.
  • Passwords. Use strong passwords on all your office devices. A strong password contains at least 10 characters and includes numbers, symbols, uppercase and lowercase letters. And remember to keep them safe. Don’t create strong passwords only to write them down on a sticky note!
  • Software. Before buying new applications, rigorously vet their compliance with HIPAA. A company might say its product is for health care practices, but that doesn’t mean it complies with laws around protected health information (PHI). And when you buy software, make sure to install updates promptly, since many software updates fix security problems that could be exploited by hackers.
  • Physical documents. If your office plans to dispose of hard copies of documents with patient information, destroy them so that any PHI is indecipherable and cannot be reconstructed.
  • Team protocols. Set up and enforce security protocols with your team. Have a regular, holistic evaluation of your protocols and how well they’re being followed. The National Coordinator for Health Information Technology (ONC) has a great list of tools, training and guidance to help you maintain your office’s strong security practices.

Beyond that, you can greatly reduce the financial burden of a breach by getting cyber insurance that covers the cost of investigating thefts, compensates for fines and penalties and funds lawsuits and legal fees.

If a breach does happen, take action immediately. Determine how the breach occurred and what information was affected. Get in contact with legal counsel before anyone else.

It’s going to take work and will probably be frustrating if you’re just starting out. But by implementing a strong cybersecurity defense, you’ll know you’ve done everything you can to keep your practice and patients safe.

© 2022 FYI

Theme by Anders NorenUp ↑