HIPAA Compliance When Transmitting Digital Files

mm Written by Andrew Sedler

HIPAA Compliance When Transmitting Digital Files
Communication is one of the most important aspects that will facilitate your successful relationship with a dental lab. In today’s world, communication is often in a digital form including images, prescriptions, .stl files, to name a few. Today’s world also brings concerns for data security and must include considerations for patient’s health information (PHI), especially from the perspective of HIPAA compliance.
There are several ways to transmit digital information to the dental lab. In this article, I will discuss some of the more common electronic data pathways but will focus on what we consider at Burbank Dental Lab to be the safest and most efficient pathway for HIPAA purposes.

What You Will Learn In This Article

  • 1
    What is a "covered entity" and what is a "business associate?"
  • 2
    Do you need a business associate agreement with dental labs?
  • 3
    What are the most common methods to transmit patient/case information to the lab, and what are the risks of each approach?
  • 4
    Using the Burbank Dental Lab Secure Client Portal

HIPAA violations are a serious matter.

In 2015, the first dentist to be fined for a HIPAA violation sent a warning to dental offices nationwide about the importance regarding HIPAA compliance. Interestingly, the penalty paid was not issued by the Department of Health and Human Services’ Office for Civil Rights (OCR), but by the Office of the State Attorney General.
Penalites for Texting in Violation of HIPAA
Some violations also carry criminal charges with them, resulting in jail time for violators.

What is a covered entity and what is a business associate?

"Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other health care providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.”

"Business Associate – A person or entity who, on behalf of a covered entity, performs or assists in performance of a function or activity involving the use or disclosure of individually identifiable health information, such as data analysis, claims processing or administration, utilization review, and quality assurance reviews, or any other function or activity regulated by the HIPAA Administrative Simplification Rules, including the Privacy Rule.”. . . "A member of a covered entity’s workforce is not one of its business associates. A covered entity may be a business associate of another covered entity.”

U.S. Department of Health and Human Services, National Health Institute

Do you need a business associate agreement with dental labs?

Human Services - Office for Civil Rights (OCR)  said, "a covered entity such as a dentist is not required to have a business associate agreement with another health care provider such as a dental laboratory when disclosing [protected health information] for treatment of an individual.” ADA News, OCR responds to question about dental labs, business associate agreements, March 22, 2017, by Jennifer Garvin
Burbank Dental Lab

LIMITED TIME SPECIAL

Implant Success Guide by Burbank Dental Lab

REQUEST YOUR FREE IMPLANT SUCCESS GUIDE TODAY

FREE Implant Success Guide

Burbank Dental Lab

Standard Methods for Transmitting Patient/Case Information to the Lab

Sending patient information via email, while it’s not a violation, it is a violation if reasonable precautions are not taken, and then the email is intercepted or read by someone without authorized access.
 

Solutions to potential email violations:

 

  • Use encryptions for your emails.
  • Double check that whomever that you are sending the email to is supposed to be receiving the email.
  • Use a secure server, and verify that the recipient has a secure server.
  • Make sure every device has some passcode or authentication log on.
  • Install encryptions and enable personal firewalls and security software.
  • Texting patient information is often desirable because patient data and images can be sent quickly. The convenience is substantially outweighed by the potential risk of exposing PHI to cybercriminals who could easily access this information, not to mention the casual observer seeing the protected data.
  • They could be sent to the wrong number, forwarded by the intended recipient or intercepted while in transit.
  • Copies of SMS and IM messages also remain on service providers´ servers indefinitely.

Solutions to potential texting violations.

  • If you need to use texting for instantaneous communication, it can be done with relative assurance that the data is safe and you are in compliance. To safely use texting you would need to use an encryption program that allows confidential information to be safely texted, but both parties must have it installed on their wireless device, which is typically not the case.
  • Data transmitted beyond an organization's internal firewall should be encrypted to make it unusable if it is intercepted in transit.
Faxing PHI can be done safely, but there are a few rules that you must follow to send protected information via fax:
  • Confirm the fax number - faxing PHI accidentally to the wrong fax number is a violation. 
  • You may only fax data to a covered entity or a business associate that has an active business associates agreement.
  • Here is the tricky part; you have to have assurances that the information is received in a secure location, by covered individuals. If you fax to a machine in an open area that is accessible to individuals that are not covered it is a possible violation.

Solutions to potential faxing violations.

  • Do not allow faxes to sit on public available fax machines.
  • Consider switching to a HIPAA compliant cloud fax service.

    T38 Fax over IP, a HIPAA-compliant fax service that uses encryption for secure, real-time transmissions with page-by-page confirmation.

  • Always use a cover page, to protect PHI from being exposed to people that should not see it. 
  • Keep an audit trail of all PHI that is transmitted.

The use of secure portals is a preferred method for sending information. This is the method Burbank Dental Lab strongly recommends when you are sending any patient information to the lab.

There are several benefits to using a secure portal to upload patient information:
  • The Burbank Dental Lab Portal is secure and HIPAA compliant.
  • Allows the uploading of large high-res image files, .pdf documents, text documents, and .stl files.
  • Additional benefits of the Burbank Dental Lab portal is case status tracking, tracking of shipments, account information, and bill paying.

Instructions for Using The Burbank Dental Lab Secure Portal

Begin by visiting the Burbank Dental Lab website at https://burbankdental.com.

In the upper Right, Click on Account Login (see below) which will connect you to the Burbank Dental Lab Customer Web Portal.

First Time: Register and Create A Username and Password

  • 1
    Complete the required fields


    Note: The information must match the information we hold on record for you in our system: You may check with our Customer Service Department to confirm this information:

    Customer ID,
    Email Address, 
    Office Phone Number
  • 2
    Create your username and password


    Portal Registration and Login

  • 3
    After Registration
    1. Log in to the Burbank Dental Lab Customer Web Portal.
    2. Locate the Tab  “Cases” in the pull-down menu select “Upload File Attachment.”
    3. You are now able to upload files/attachments and include any notes you deem vital for our technicians to know.


    Burbank Dental Lab Portal - Portal Upload Window

If you are in need of assistance, to set-up and access the Burbank Dental Lab customer portal, please feel free to contact customer service at 800.336.3053.

Keeping your patient’s health information secure is both an obligation to your patient’s privacy, and an essential legal practice safety practice. Burbank Dental Lab is dedicated to assisting you in keeping your patient’s information secure and to facilitating an easy to use workflow for communication that is essential to the successful creation of Smiles By Design.

Did you like this article?

Let us know by giving us a clap!

Top 10 Most Clapped Articles

Resource Center

Products

Slide 1

Fabrication
of the future
is here!

Burbank Dental Lab has three new state-of-the-art Carbon M2 printers. We are very excited about the options that these cutting-edge printers will allow us to offer our dental clients. Here are some of the advantages that these printers will begin to deliver to you and your dental practice.

Our New
State-Of-The-Art
3d Printers

Carbon offers a highly dependable 3D manufacturing solution for many dental applications with its breakthrough Digital Light Synthesis™ technology, enabled by a wide range of dental materials.

Fabrication
of the future
is here!

Burbank Dental Lab has three new state-of-the-art Carbon M2 printers. We are very excited about the options that these cutting-edge printers will allow us to offer our dental clients. Here are some of the advantages that these printers will begin to deliver to you and your dental practice.

Our New
State-Of-The-Art
3d Printers

Carbon offers a highly dependable 3D manufacturing solution for many dental applications with its breakthrough Digital Light Synthesis™ technology, enabled by a wide range of dental materials.