There are several vendors out there when it comes to digital forms and paperless office. So far, those vendors have yet to provide information acceptable for completing HIPAA , until today. Enlive Dental provided the following information in regards to how they handle HIPAA.
How Enlive Dental Uses and Protects your ePHI
First a little about what we do and how our software works
The Enlive Dental suite of software consists of two iOS apps available for free download on the iOS App store. A license registration must be purchased to use the full, unlimited versions of the apps.
The apps are Enlive Patient Forms and Automated Dentist. The app you use depends on your practice management software. Automated Dentist app is for use with Open Dental PM Software only, and Enlive Patient Forms are for use with all other PM software.
The iPad apps are used in office only and utilize your wireless network. Information is transferred from the forms a patient fills out in the app itself, to your practice management software, and from your practice management software to the app, via the wireless network. Enlive recommends a secure, private, wireless connection to be compliant.
In the case of the Automated Dentist app, no information is stored on the iPad, ever. All information syncs back to Open Dental as it is completed. This provides assurance that no ePHI will be compromised in the event an iPad is stolen.
The nature of the Enlive Patient Forms App makes it necessary to keep a copy of the forms that have been filled out. A copy of every patient form completed in the previous 48 hours is kept on the iPad, inside the app. This safeguard is to prevent patient information from being lost after a form is filled out and a circumstance arises prior to it being transferred to the workstation. Circumstances that may prevent transfer of information to the desktop include power outage, workstation software being closed, loss of wireless signal, etc. These forms that are saved are encrypted at rest. This means that even office staff would not be able to open and read the forms. They may be sent to the office via email, and they are encrypted in transit. They can ONLY can be sent to the office email provided by the office at set up. OR they can be sent directly to the workstation in office via the wireless network.
Enlive also provides an office web portal for users of any practice management software other than Open Dental. Open Dental users will continue to use Open Dental's Webform Service in conjunction with the Automated Dentist app.
The purpose of the Enlive web portal is for filling and receiving patient forms prior to your patient arriving at your practice. This 'portal' is actually a secure server. All information that is contained on this server is encrypted.
The online web portal has two options. The first option works by directing your patient to your website to click a button and fill out forms. Enlive will create a widget or an url link to your specific forms on the secure server. This link can be given to your webhost or web designer. They can add a button to your website for patient forms. When a patient goes to your office website and clicks that button, they will open a window that will have them click the forms they want to fill out. When they click the forms, they are filling blank forms out inside that secure server. When the patient finishes, signs and submits the forms, they will closed out of the server. A patient will only ever see their own forms, and will only ever be presented blank forms to fill out. There is no transfer of information from your practice management software to the online forms.
The completed forms are NOT sent via email to your office, the forms are still on the secure server and your staff must retrieve them. Your office will receive a notification email stating that a patient has filled forms out, but the forms are NOT attached to that email. Your office will log into the server with a private username and password and download the forms directly to your desktop. Then using the Enlive software that is installed on each workstation, your office can import all forms and patient information directly into your practice management software, or choose where you'd like those forms to be saved.
The second option available for capturing patient forms prior to the arrival of the patient in your office, is the 'Request' option. When your staff logs into the web portal they can send a 'request' via email or text to a patient, from within the web portal, with the required forms attached for the patient to fill out. Your office can set a date and time deadline for the submission of those form. The patient will receive a message advising that they have been requested to fill out forms by your practice. When the patient clicks the link, they are automatically logged into that secure server, and again, they are presented blank forms to fill out and sign. They are logged out of that server when they submit their forms. As above, the completed forms are NOT sent via email to your office, the forms are still on the secure server and your staff must retrieve them. Your office will receive a notification email stating that a patient has filled forms out, but the forms are NOT attached to that email. Your office will log into the server with a private username and password and download the forms directly to your desktop. Then using the Enlive software that is installed on each workstation, your office can import all forms and patient information directly into your practice management software, or choose where you'd like those forms to be saved.
Q & A
What happens if someone steals an iPad? Will my patients information be breached? No. There is no identifiable ePHI kept on the iPad
There are options for the patient to email themselves the forms. Is this using encrypted email? No, it is not encrypted email. Although most email is encrypted in transit, using an encrypted compliant email also involves verifying that the receiver of the information is the intended recipient. It is not a HIPAA violation for the patient to choose to email themselves their own forms as they are entering or updating their own email address and thus they are verifying they are the intended recipient. Choosing to email their forms to themselves demonstrates consent to do so.
Does the information from the iPad use the internet to pass the information to our workstations? No, it is only using the wifi in your office. In fact, if the internet goes down, you can still use our app in office as you usually would.
We will be using the online portal. Please explain what you mean by secure server? The server that the patient logs into to fill forms out is secured in a data facility with stringent security protocol. The patient information on that server is encrypted. What this means is even if someone could access that particular server, physically or virtually, they would not be able to read that information. The only way to access that server to retrieve the information your patients fill out, is with a username and password. This is the 'key' that unlocks the encryption. Your office will create a username and password to access your secure server. Long story short, that information never leaves that server. The server itself is 'locked' to anyone without a 'key' to get in. If someone accessed the server, they still couldn't read the information contained therein as that information is also encrypted.
How long do you keep our ePHI on your secured server? That information is always there for you to access. Your office would choose to delete information from the web portal, and thus the server. If your Business Associates Agreement requires the destruction of that information after you cancel your contract with Enlive, we will delete as required in that contract.
What happens if a natural disaster or a power outage shuts down that secure server? There are back-ups to a remote secure server as well. If something happens to the main server, there are multiple copies of those files- again, all encrypted- that can be used to reinstate your access to ePHI.
How do you know these back ups work? They are tested on a regular basis to ensure that if needed, they are viable and accessible.
Will you sign a Business Associates Agreement? Yes
Enlive Dental is committed to the privacy and security of your ePHI, and follow the standards and requirements set forth the HIPAA Privacy and Security Rule, The HITECH Act and the final Omnibus ruling.
Look at your HIPAA Notice of Privacy Practices. If it is dated prior to 2013, it's not compliant ...
All over the US, healthcare entities are receiving an email threatening to detonate a bomb unless money is ...
How would you feel if you were plunged into a potential data breach through no fault of your ...
Check out our guest article for The Cutting Edge, The Official Magazine of the Santa Clara County Dental ...
Start your journey to compliance by directly interacting with our experts. With extensive years of experience in making dental practices HIPAA Compliant, we provide everything from start to finish to make you compliant, safe, secure, and confident against data breach. Look no further, begin your training today by scheduling a class with our experts!