I received an e-mail from an office requesting a copy of the HIPAA Business Agreement that I had offered in a recent blog post, CLICK HERE to view. She also asked me what other steps she should be taking to make sure her office was doing their best to meet HIPAA standards. Here are the top 3 things that I see not being utilized in Dentrix offices that could greatly increase compliance with HIPAA requirements.
1. PHI Protected View in the Treatment Rooms – When I go into an office to do clinical training, one of the first things we do is set up a view for the monitors in the treatment rooms that will help your office meet HIPAA standards. It is so easy, but isn’t done in so many practices. From the Appointment Book click on View > then either select new or F1 and edit > then on the right side of the screen there are several dropdown menus. Make sure line 1 is Name, lines 2-4 is Appt Reason, then lines 5-9 say None. (See image).
2. Set up Administrator and User Passwords Make sure your office is using the Password feature in Dentrix. If you have access to the Dentrix Resource Center Knowledgebase, go to Article #18386 or I can send it to you if you e-mail me at Dayna@raedentalmanagement.com.
From the Office Manager, click on Maintenance > Practice Setup > Passwords. If you are setting up passwords for the first time, click Practice Passwords Setup and then select Enable passwords. This will turn it on. If you are updating your team members, click User Password Setup.
Here are my recommendations for security rights within the dental team:
Doctor – If the doctor is the owner of the practice, he or she should have all rights. If the doctor is an associate, he or she should have all rights except the right to clear the audit trail.
Office Manager – The office manager will have to manage the practice in the absence of the doctor. Therefore, she or he should have all rights except to clear the audit trail.
Front Office – The front office team will need to perform most of the duties in the practice. The office manager can delegate these rights based on job description or longevity in the practice. Team members could have all rights except Administrative, Audit Trail Clear, and Time Clock management.
Back Office – The clinical team only needs security rights to perform their job duties. They should not have the rights for Administrative, Audit Trail, Time Clock Management, or deleting anything (appointments, charges, payments, prescriptions, notes, etc)
3. Mask or Hide SSN# - This is a fairly new feature in Dentrix G4. For a full description of this feature in the Dentrix Resource Center, go to Article #46462 in the Knowledgebase.
Go to the Office Manager > Maintenance > Practice Setup > Preferences. On the right side of the box, check Hide Social Security Number, then in the dropdown menu, select if you want to hide it completely, mask completely, or mask all but the last 4 numbers. This will provide you security in a few areas of Dentrix.
Patient Route Slips – the SSN will be hidden or masked on these papers
Coupon Books – If your office is using coupon books from the Future Due Payment Plans or Payment Agreement features in Dentrix, the SSN will be blocked out.
Chart Labels – If your office is printing chart labels from the Quick Labels, the SSN will be hidden or masked here.
By implementing these three simple processes in your Dentrix system, your office will be more compliant with the ever-changing HIPAA Privacy and Security Rules.
CLICK HERE if your office needs HIPAA training or Risk Analysis.
Dayna loves her work. She has over 25 years of experience in the dental industry, and she’s passionate about building efficient, consistent, and secure practice management systems. Dayna knows that your entire day revolves around your practice management software—the better you learn to use it, the more productive and stress-free your office will be. In 2016, Dayna founded Novonee ™, The Premier Dentrix Community, to help cultivate Dentrix super-users all over the country. Learn more from Dayna at www.novonee.com and contact Dayna at email@example.com.