In push for data security, practices need a plan

2015 06 01 14 37 33 930 Benton Lindy 200

Technology, information technology (IT), and computer systems are hugely important assets for your practice. As these systems perform highly critical and sensitive functions, any loss of systems or data will affect your practice in terms of time, income, and potential fines, not to mention the fact that loss of personal information to the outside world can be catastrophic.

Lindy Benton is the president of MEA|NEA.Lindy Benton is the president of MEA|NEA.

We've seen many clients who keep their patient records on the same computer network as the one used for other practice business. This is an issue when a practice is hacked, because those hackers don't have to jump from server to server to access medical information. Once inside a practice's networks, they likely have access to all of the practice's information.

Additionally, in many cases, practices are using out-of-date technology that doesn't receive security updates. We've also been surprised by the number of clients who have not encrypted their data. With all of these potential problems to manage, dental providers should develop a plan and find a partner to help them manage, protect, and store their data.


Unfortunately, most practice leaders don't think about this potential disruption until it occurs, and many, in our experience, are not prepared when it happens. Disruption and downtime can handicap a practice faster than most other internal problems. Practice leaders need to ask themselves: How long can my practice continue if my technology is disrupted?

To prevent or minimize these losses, practice owners need to consider the following questions:

  • How would the organization be affected by the corruption or loss of critical files?
  • How long would it take to recover data, if recoverable?
  • How devastating would a lawsuit for personal information loss be?
  • How long can the practice operate without access to critical information?

Once practice leaders have determined the answers to these questions, they need to ask themselves the logical follow-up: How can I prepare my practice?

“Most practice leaders don't think about this potential disruption until it occurs.”

To address these challenges, you need a plan. We advise our clients to develop a written systems/data recovery (SDR) plan that includes who is responsible, when the plan was last reviewed, and when it was last tested.

Cloud solutions

"It is not a case of if, but rather a case of when" is never truer than in the world of IT. When an organization's systems fail or are disrupted and data loss occurs, the impact will not be pleasant.

One step practices can take to prevent these disruptions is to remove the liability they have undertaken by managing their own hardware and technology in house. By moving their storage capabilities to the cloud, practices can upload critical documents, patient information, and business data, which can then be secured. Doing so protects practices from a plethora of problems, including failed hardware and infrastructure and the possibility of being hacked.

In most cases, secure, HIPAA-compliant cloud storage is more secure than data stored onsite. Cloud service providers often have more security protocols in place, and their business depends on their ability to protect the information they are charged with keeping. They have security resources that many individual practices are unable to maintain.

Lindy Benton is president of MEA|NEA|TWSG a provider of secure health information exchange, cloud storage solutions, and HIPAA-compliant healthcare communication solutions.

The comments and observations expressed herein do not necessarily reflect the opinions of, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.

Page 1 of 524
Next Page