A few weeks ago, Hushmail Technical Account Manager Jarred Bolen joined Dr. Neil Gajjar, past president of the Academy of General Dentistry (AGD), in a webinar provided by AGD.
They discussed the unique concerns dental practices have as they reopen and answered questions about the technology that can be used to help dentists make the transition back to providing elective services.
Here’s a brief overview of what they discussed, followed by a link to the webinar.
The impact of COVID-19 on your practice
The COVID-19 pandemic has made it necessary for dental practices to reassess all aspects of their business as they reopen to provide elective care to their patients. Intake processes that once worked (e.g., paper forms) no longer provide a safe experience for patients and staff. Waiting rooms are no longer safe environments, and new strategies are needed to welcome patients to their appointments.
The pandemic is making it necessary for many practices to quickly start using technology that’s new to them, and this brings up questions about safety, affordability, and practicality. And, of course, compliance issues.
HIPAA, the law that protects sensitive patient health information in the United States, and PIPEDA, the law that regulates the collection, use, and disclosure of personal information in Canada, have been around for more than 20 years. Now is a perfect time to ask questions about technology and ensure that your practice is up to speed when it comes to complying with these and other applicable laws.
Choosing the best compliant tools for your practice
It's easy to send a regular email or text message with the PDF of a form to communicate with patients, but ensuring that the data in those messages is secure involves a little more effort and potentially cost. However, for your practice to be in compliance, encrypted communication services are necessary.
All services have their pros and cons, and no one service suits everyone. It’s best to look for services that provide you the most for the least, both in terms of service and ease of use.
It pays to do the research now. Once you sign on to a service, it can take some effort to move to another one if you change your mind later. Here are some things to look for when choosing a service:
Flexibility and control
Perhaps one of the most challenging aspects of managing your practice during a pandemic is that the situation is constantly changing. The technology you use must be flexible enough to support those changes.
For example, you need to be able to modify the pandemic web form you use to screen your staff and patients as hot spots change or new symptoms become evident. Being able to make these changes yourself and have them go live immediately is essential to keeping your practice up to date, without costing a lot.
Works well on multiple platforms
Another thing to keep in mind when you're researching services is that there's no one platform out there. What looks good and works on a desktop computer might not work well on a tablet or smartphone.
Therefore, it’s important to test these services for yourself before making a commitment. Make sure you know what your patients are going to experience, as well as how things work on the backend. Fortunately, most services make this easy to do with free trial periods or money-back guarantees.
Offers a BAA
Consider if the services include a Business Associate Agreement (BAA), or if they charge extra for that document. Basically, the agreement outlines the steps that will be taken to protect the patient information the service provider handles. For practitioners in the US, a BAA is necessary for HIPAA compliance. Be sure to check to see if that BAA is included in the subscription price you’re considering. Some services charge extra for a BAA, potentially adding hundreds to your bill.
If your practice is in Alberta, Canada, the Alberta Health Information Act requires an Information Manager Agreement, which is similar to a BAA. If your practice is in one of the other Canadian provinces, although not required by law, requesting a signed BAA assures you that your patients’ PHI will be handled in a secure manner.
Technologies to use with caution
There are some services that you must use with caution because not all service providers ensure encryption, and exposing your patients’ protected health information (PHI) can result in hefty fines.
As mentioned earlier, using email is easy because pretty much everyone has an account and knows how to use it. But most email services are not encrypted and secure. Sending an email without encryption is like sending a postcard with the message written on the back for everyone to see.
When researching encrypted email services, you’ll usually find two different types of encryption. One type encrypts emails in transit but not in storage. This type of service is easy to use with no extra steps like passwords, but it’s also not the most secure.
There is also what’s called the escrow method, which encrypts individual messages both in transit and in storage. Messages must be read on a secure message site and require the extra steps of setting up and typing in a password. Most people have no problem adapting to these steps, but they may be an inconvenience to some.
Part of being HIPAA compliant is being able to have the information you send deleted when you request it. Most texting services don’t allow this level of control, and most don’t secure the information with encryption, meaning it’s possible for those messages to be intercepted.
In the webinar, Dr. Gajjar and Bolen discussed some more secure alternatives to text messaging, such as the encrypted messaging app Signal. Another one is Apple’s iMessage, which has built-in encryption. However, with iMessage you must make sure the person you're communicating with also has iMessage and has it enabled.
Patient review sites
You might think that responding to reviews on a site like Yelp would be a best practice for maintaining good patient relationships. However, practitioners must be very careful about how they respond to reviews, if they choose to respond at all.
Responding to a poor review in a way that acknowledges the practitioner/patient relationship reveals protected health information (PHI) and can result in a hefty fine. If you try to dispute the review or offer a service, that acknowledges the relationship and is a clear HIPAA violation. Always proceed with extreme caution when responding to reviews. If you feel you must respond, it’s best to reach out privately using encrypted email.
And that’s just a brief overview of the webinar
Dr. Gajjar and Bolen also address the following topics:
- What is PHI?
- The importance of an archive
- Conducting a risk assessment
- Web forms you can use to reopen your practice
- Credit card processing
- HIPAA-compliant fax services
- Helping older patients adapt to new technology
- And a lot more!
Watch the webinar
Read Dr. Neil Gajjar’s case study and request the three forms he uses in his reopened practice.
You can enjoy other webinars hosted by Bolen on our webinar page.