Title: Technically Speaking
Subtitle: Tech Q&A with Greg Feutz
Greg Feutz is President of DDS Integration, a Grand Rapids-based dental technology company.
Encryption. We keep hearing that word. It’s the answer to protecting our precious patient information. HIPAA says we better have it in place. Great! What is it? How do I get some?
*Note: This will also be on our blog (ddsintegration.com/blog), where the links will be live, perhaps easier than typing them :)
What is it? – Gibberish, that’s what it is.
Actually, it kind of sort of is. Encryption makes your data appear like gibberish. Ever open a Word document with the wrong version of Word and it looks like a bunch of Wingdings or something? That’s more or less what encryption does to your data for anyone who doesn’t have the encryption key. The basic premise is to keep your data readable to those who are trusted but gibberish to everyone else. That way, if it’s ever lost or stolen, whoever ends up with it really can’t do much with it.
How do I get some? – It’s easy! Just call up your favorite DDS Integration and they’ll hook you up!
But seriously, any tech company that does anything with dental offices should be able to take care of this for you. Here’s what you should get, in my suggested order of importance:
· Backup encryption – Those little drives that you probably take home every night with your backup on them, you know? Those, in my opinion, are your greatest risk of having your data lost or stolen. Your backup software should encrypt those. However, based on what I typically see, it probably does not. Get a newer, image-based backup software that can encrypt your backup. We use Macrium Reflect because of its overall great/fantastic/awesomeness.
o Also, consider a fireproof/waterproof backup drive that you don’t even need to take home. ioSafe makes pretty affordable 3TB versions that are plenty of space for most practices.
· Email encryption – Now you’re not going to lose more than 500 patient records via email (probably), but this would be a perfect place for a disgruntled patient to tip off HIPAA that you’re not in compliance, thereby opening the possibility of an audit. So, it’s important to encrypt any email you’re sending with patient information in it. Most are a pain because they require passwords and keys, but a few that we’ve found do not. Those are ZSentry (we currently implement) and Virtru (we’re testing).
· Server encryption – This is important because all your data (hopefully) is stored here. It is unlikely that your server would be stolen, but it is possible. Therefore your server should be encrypted. With Server 2008 and Server 2012 this is easy since they have BitLocker built in. Otherwise you can use VeraCrypt (replacement for TrueCrypt) to do the job. We’ve found BitLocker to be easier and less likely to interfere with backups, but both can be made to work.
o If your server is a workstation/server running Windows 7, you can upgrade to Windows 7 Ultimate ($100 or so), which then includes BitLocker.
· Workstation encryption – Hopefully you’re not storing anything on workstations, but in many cases I’ve seen there are x-rays or letters sitting on the desktop. Like the workstation/server above, you could upgrade to Windows 7 Ultimate or use something like VeraCrypt. I’ve yet to have a practice go to this length.
Again, backup, email, and server encryption are the big 3 in my book (figuratively; I don’t really have a book). They’re not terribly costly or difficult to implement and live with. “Excitement/new shiny thing meter” will read between 0 and 1 but “risk/big fine” meter will likely do the same. Bottom line: If you’re 1) a dentist, 2) have patients and 3) keep records of your patient visits, you should really be using encryption. Only you can assess whether you meet those criteria :)
Thanks for reading. Is your data encrypted?
What are your thoughts?
Comment on our blog or Facebook article. We’d love to hear your opinions on encryption.
Facebook: facebook.com/ddsintegration Blog: ddsintegration.com/blog