As experienced specialists in dental IT support, we come across some common questions regarding best practices for dental office design and network security. We have assembled the most common questions below.
This is a popular question, since attaching all of the necessary devices to a network results in a multitude of wired connections and cable clutter. However, there are many reasons why configuring your office to be entirely wireless is a bad idea. For one, having too many competing connections over the wireless airwaves results in unexpected slowdowns, bottlenecks, and lost connectivity. Each wired connection is guaranteed at a certain speed, but in a wireless configuration, all of your devices would be subject to one max connection speed for your internal network. Additionally, security in wireless connections can be more easily compromised. When a cable is used, end-to-end security is easily implemented and monitored.
Even if your workstations are not used to house patient data, it is almost a guarantee that there is incidental data that is at risk of breach on each system. This can take the form of email messages, Microsoft Excel or Word files, and Java, Flash, or Web-browsing history and cache data. Therefore, it must be standard that any PC being replaced goes through DOD-level destruction. Windows disk formatting is not enough – your IT company can accomplish true DOD-level destruction through software solutions or by professional hard drive shredding companies, and they can give you the necessary documentation so you know where your data is, and how it is destroyed. If do-it-yourself data destruction is your preferred solution so that you never relinquish control of your patient data, then make sure your solution documents “DOD-Level” destruction of data.
In any business that utilizes a professional network, the threat of downtime looms as a potentially expensive loss of production. Contracting out to a dental IT company is a great way to make sure your systems are finely tuned, managed, monitored and supported. Some businesses still might not have a monthly IT budget in place, but such a budget ends up being cost effective. Hourly rates for remote or onsite support can often add up to hundreds of dollars more in support for a single incident than for a month of contracted services. Additionally, the cost of an inclusive IT support contract is much less than the cost of a part-time computer whiz, and it can include a selection of managed services such as server maintenance, event-log monitoring, managed anti-virus, email encryption, encrypted backup, remote/onsite support, and other needed services.
The power of leveraging the expertise of a dental IT company for your practice cannot be overstated. Many network design strategies do not comply with HIPAA, and many computer support solutions do not have any practical experience with the strict controls on data that are required for patient information. Additionally, a legally valid Business Associate Agreement as it applies to HIPAA is always required for any third party doing work in your practice. Going with dental or medical specific IT has all of these standards built in. Finally, going with dental IT experts ensures experience with dental imaging and practice management software, and such experts most likely have direct connections to technicians within the software companies. This makes your dental tech support streamlined, using best practices set by the individual software vendors as well as by the hardware manufacturers.
We always recommend that you go straight to the source to learn about the law’s requirements – the HHS page on The Security Rule is a great place to start. dmi Networking also has a free checklist available on request, to make sure your data is in compliance.
Most practice management software solutions such as Open Dental, Dentrix, Datacon and Eaglesoft do not specifically require a Server Operating System. In fact, a Server OS is rarely specified as a requirement for any software solution. For hosting a HIPAA compliant and secure business network, however, a Server OS is required. A simple workstation, for example, does not have the network management protocols to enforce employee password compliance, encrypted network communications, and prospective logging of network activity which is required by HIPAA. A server OS is designed to implement and enforce the network requirements for data security.
As required by HIPAA’s Security Rule, all data must be encrypted, at minimum when in transport. What this means to you is that your backups must be encrypted before uploading to a cloud service. Additionally, when local backup media such as hard drives or USB drives are used, either hardware or software encryption must be in place. Consider a non-encrypted hard drive backup that is taken off-site at the end of the day: misplacing this drive or having it stolen results in a breach of your entire practice. dmi Networking recommends deploying encrypted cloud backup as well as hardware encrypted drives for local backup. This assures that data is recoverable quickly and complies with HIPAA rules for network security.
Most PCs found online and at retail stores are configured with a “Home” licensed operating system, such as “Windows 7 Home”. However, the requirement for both Microsoft licensing and for network communication is that a business-class operating system such as “Professional” or “Ultimate” is in place. Home operating systems do not have the ability to connect to your network in a secure and compliant manner. Professional operating systems, however, allow network logging, password compliance and security enforcement as required by HIPAA.