Cybersecurity and Data Privacy in the Dental Office
I think it is time for some Geeky Content! You know… the good old HTTPS, Java, React, etc. Don’t worry, I will do my best to keep it short and simple. I am writing this blog for several reasons. To begin with, I truly enjoy the geeky part. But, more importantly, cybersecurity and data privacy practices are essential and required by several government agencies and governing bodies. Last but not least, I have had several patients ask me about it, so I thought this would be the perfect time to share my fair share of knowledge!
As a dentist and oral health care practitioner, it is my duty to ask my patients to virtually fill out some forms via our website – forms that tend to include lots of private and confidential information. This information eventually ends up in our office and on our computer. It is crucial that this information remains secured and encrypted as it travels from the source to the receiver. Let me break it down for you… (now is the perfect time to grab your cup of coffee, tea or even some popcorn!)
Let’s start with the website. It is secured, and you can and should always double-check that. You can do this by looking for a padlock or lock icon next to the website name (see picture below). This lock icon indicates a secure mode where communications between the browser and the web server are encrypted. This type of connection is designed to prevent anyone from reading or modifying the data you exchange with the website.
Now that the information has been securely transferred to the web server (in our case, Amazon Web Services), it gets stored in an S3 bucket (a public cloud storage service). The information stored here is closed to the public, and Amazon S3 maintains compliance programs such as PCI-DSS, HIPAA/HITECH, FedRAMP, EU Data Protection Directive, and FISMA. Server-side encryption protects data at rest: Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it rotates regularly. Amazon S3 server-side encryption uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256).
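For the geeks who want to verify rather than trust, here is an added example (not our office's actual code) that checks the three claims above, closed to the public, encrypted at rest, and HTTPS only, against a bucket's settings. The function names and the bucket name `example-forms-bucket` are made up for illustration; the input dictionaries follow the shapes returned by boto3's `get_public_access_block`, `get_bucket_encryption` and `get_bucket_policy` (with the policy parsed from JSON).

```python
# Added example: audit S3 bucket settings for public access, encryption at rest
# and HTTPS-only access. Sample configurations below are constructed.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
SSE_OK = {"AES256", "aws:kms"}  # SSE-S3 and SSE-KMS default encryption

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plain_http(policy):
    """True if a Deny for all principals applies when aws:SecureTransport is false.
    Only effect, principal and condition are checked, not the action list."""
    for st in _as_list(policy.get("Statement", [])):
        cond = st.get("Condition", {}).get("Bool", {})
        if (st.get("Effect") == "Deny"
                and st.get("Principal") in ("*", {"AWS": "*"})
                and str(cond.get("aws:SecureTransport", "")).lower() == "false"):
            return True
    return False

def audit_bucket(public_access_block, encryption, policy):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    pab = public_access_block.get("PublicAccessBlockConfiguration", {})
    for flag in PAB_FLAGS:
        if not pab.get(flag, False):
            findings.append(f"public access: {flag} is not enabled")
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if not algos & SSE_OK:
        findings.append("encryption at rest: no default server-side encryption rule")
    if not denies_plain_http(policy):
        findings.append("encryption in transit: policy does not deny non-HTTPS requests")
    return findings

GOOD = dict(  # constructed: locked down, SSE-S3 (AES-256), HTTPS enforced
    public_access_block={"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
    encryption={"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    policy={"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-forms-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
WEAK = dict(  # constructed: only one public-access flag set, nothing else
    public_access_block={"PublicAccessBlockConfiguration": {"BlockPublicAcls": True}},
    encryption={}, policy={"Statement": []})

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_bucket(**cfg) or "no findings")
```
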
The last piece of the puzzle is receiving the information. Is it through email? Well, we all know that emails are generally not secure, which seems very strange, but that’s a topic of its own… maybe my next blog post! But for now, let’s get back to business. In order to secure the last leg of this path, we created a password-protected link to the information that we receive via email. This means that even if somebody were to receive the email or intercept it intentionally or by accident, there is nothing to see but a password-protected link.
Now we not only have secure cloud storage for all the information, but we also have a backed-up local copy and remote backups. What is shown below is the 3-2-1 concept for backing up information, all of which is secured and not open to the public.
Although we implement the best practices for data security, data breaches and cyber-attacks are harsh realities of today’s modern world. All we can do is implement the latest security protocols and ensure they are updated on a regular basis. If that is not enough, you can still download, print and manually fill out the forms and then fax them, mail them or drop them off in person.
The rise in digital technology, digital healthcare and paperless office systems has brought tremendous benefits, but it also comes with hidden risks. In today’s technology-rich environment, it is our responsibility to understand cybersecurity and make it a priority.