Cybercriminals have many opportunities to intercept confidential data either at rest or in transit. However, if your data is encrypted, they won’t be able to make any sense of it even if they succeed in getting their hands on it.
Like any other healthcare provider, dental practices must comply with HIPAA and HITECH legislation, which requires all communications to be encrypted. Since email remains the most popular method of exchanging confidential information like patient health records, it’s imperative that you take every possible step to secure emails. Relying on conventional perimeter defense measures like firewalls or consumer-grade protections that come with many email services is not enough.
What You Need to Encrypt
The National Institute of Standards and Technology has published a 139-page document on the subject of email security, with extensive details on what healthcare providers and their associates must do to secure electronic protected health information (ePHI). These steps include digitally signing emails to confirm the identity of the sender, encrypting the body of the messages, and encrypting all communications between mail servers.
To cover all the bases, it's a good idea to have all communications encrypted using enterprise-grade cryptography algorithms. A third-party email encryption provider can help by automating the management of this process.
Why Conventional Measures Aren’t Enough
Virtually every email provider uses transport layer security (TLS) encryption to protect emails in transit. It's the industry standard in secure communications, but it's not enough to protect emails containing ePHI as the law requires. Most significantly, TLS doesn't encrypt data at rest, which means archived emails might still be exposed to hackers. Ultimately, there's no way to guarantee that the information will remain encrypted until it reaches its destination.
Another potential problem occurs when people reply to your messages, sending copies of the email originally received, which isn’t encrypted to the same standards. In other words, if you’re relying on TLS, you need to be very careful about who you communicate with.
Many businesses also use a virtual private network (VPN) to secure all communications over the internet. Again, a VPN adds a much-needed extra layer of protection, but it doesn’t provide a message-signing mechanism. However, since using a business-grade VPN encrypts everything, it does encrypt email header information, such as senders, subject lines, and recipients. It’s certainly not a complete solution, but using a VPN should be part of your overall cybersecurity plan, particularly if you have employees who are connecting to the internet through unsecured wireless networks.
How Does Encryption Work in Dental Practices?
To comply with HIPAA legislation, dental practices usually use public-key cryptography, which involves having a pair of keys associated with each email address. One key is used to encrypt the email, while the other is used to decrypt it once it reaches the recipient. The public key is kept on a key server that anyone can access, while the second key is kept private. This means that only the sender and intended recipient, being the only parties who have access to the private key, can access the email.
If the email gets sent to the wrong party by mistake, or somehow intercepted in transit, the information will be scrambled and, at least in practical terms, impossible to crack. To exhaust an entire 256-bit key space in the standard AES-256 encryption algorithm, it would take some 50 supercomputers 3×10^51 years, by which time any would-be hacker would have run out of patience!
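The following is an added example, not part of the original article or any vendor's code: a Python check that reads a message's MIME headers to tell whether the body was encrypted or signed at the message level (S/MIME or PGP/MIME), which TLS in transit does not guarantee, and which a plaintext reply quoting the original can undo. The sample messages, addresses, and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

SMIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SIGNATURES = {"application/pkcs7-signature", "application/x-pkcs7-signature",
              "application/pgp-signature"}

def _param(msg, name):
    """Return a Content-Type parameter, lower-cased, or '' if absent."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""

def classify(raw):
    """Report the outermost message-level protection of one raw message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    proto, kind = _param(msg, "protocol"), _param(msg, "smime-type")
    encrypted = ((ctype in SMIME and kind in ("enveloped-data", "authenveloped-data"))
                 or (ctype == "multipart/encrypted" and proto == "application/pgp-encrypted"))
    signed = ((ctype == "multipart/signed" and proto in SIGNATURES)
              or (ctype in SMIME and kind == "signed-data"))
    # From/To/Subject sit outside the protected body in both S/MIME and PGP/MIME.
    exposed = {h: msg[h] for h in ("From", "To", "Subject") if msg[h]}
    return {"encrypted": encrypted, "signed": signed, "exposed_headers": exposed}

def unencrypted(messages):
    """Names of messages whose body left without message-level encryption."""
    return [n for n, raw in messages.items() if not classify(raw)["encrypted"]]

# Constructed sample messages; bodies are placeholders, not real ciphertext.
SAMPLES = {
    "referral": ("From: frontdesk@example.com\nTo: lab@example.org\n"
                 "Subject: Referral\n"
                 "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
                 "Content-Transfer-Encoding: base64\n\nAAAA\n"),
    "signed_notice": ("From: frontdesk@example.com\nTo: lab@example.org\n"
                      "Subject: Hours\nContent-Type: multipart/signed; "
                      "protocol=\"application/pgp-signature\"; boundary=\"b\"\n\n"
                      "--b\nContent-Type: text/plain\n\nClosed Friday.\n--b\n"
                      "Content-Type: application/pgp-signature\n\nplaceholder\n--b--\n"),
    "reply": ("From: lab@example.org\nTo: frontdesk@example.com\n"
              "Subject: Re: Referral\nContent-Type: text/plain\n\n"
              "Got it.\n> quoted copy of the original text\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The check looks only at the outer MIME layer, so a signature wrapped inside an encrypted message is reported as encrypted but not signed.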
Pact-One provides dental practices with a multilayered approach to security which includes all the measures you need to ensure HIPAA compliance. Call us today to schedule your network security audit.