Has your practice implemented technology policies and procedures to prevent, detect, contain and/or correct security violations?
Does your dental practice keep records of its annual risk assessments, business associate agreements (BAA's), and security and privacy policies and procedures, keeping it all current and easily available to regulators upon request?
Does your dental practice have a current and complete notice of privacy practices that you distribute to all patients on paper and/or electronically?
Has your practice implemented policies and procedures to respond to and report breaches of unsecured PHI in compliance with the HIPAA security Rule, the HIPAA Privacy Rule, and the HIPAA Breach Notification Rule?
Do you perform annual privacy training for all employees that come in contact with PHI and annual security training for all employees?
Do you have any technology or service in place that would actively notify you of hostile or malicious activity on your computer network and server(s)?