On top of providing excellent care to patients, dental practices today are tasked with the care of ever more complex IT solutions. Complying with regulations like HIPAA, protecting patient health records, and managing stores of data from X-rays to insurance information are among the demands that dental practices have to meet.
Whether you outsource these tasks to a managed service provider (MSP) or you manage your data infrastructure in house with network attached storage (NAS) or other hardware, understanding backup best practices and the different options available to help you manage your practice’s data is important for your continued success.
Keeping your data safe and accessible doesn’t have to be complicated or expensive. In this post, learn more about records retention for dental offices and how you can implement some simple strategies to keep data safe and protected, including 3-2-1 backups, common NAS devices, and insight from an MSP that specializes in IT services specifical for dental practices.
How Long Should a Dental Office Keep Records?
When thinking about backup and data storage solutions for your dental practice, it helps to first have a good understanding of the records retention requirements for dental offices. The best way to understand how long a dental office should keep records is to check with your state board of dentistry. Regulations on records retention vary by state and by patient type.
Retaining records for at least five to seven years is good practice, but some states will require longer retention periods of up to 10 years. Specific types of patients, including minors, may have different retention periods.
Regardless of your state regulations, records must be kept for five years for patients who receive Medicare or Medicaid. If your state regulations are less than five years, plan to retain records longer for these patients.
Finally, it’s good practice to keep all records for patients with whom you’re involved in any kind of legal dispute until the dispute is settled.
What Is the HIPAA Regulation for Storage of Dental Records?
HIPAA does not govern how long medical or dental records must be retained, but it does govern how long HIPAA-related documentation must be retained. Any HIPAA-related documentation, including things like policies, procedures, authorization forms, etc., must be retained for six years according to guidance in HIPAA policy § 164.316(b)(2)(i) on time limits. Some states may have longer or shorter retention periods. If shorter, HIPAA supersedes state regulations.
How Long Does a Dental Office Need to Keep Insurance EOBs?
Explanations of benefits or EOBs are documents from insurance providers that explain the amounts insurance will pay for services. Retention periods for these documents vary by state as well, so check with your state dental board to see how long you should keep them. Additionally, insurance providers may stipulate how long records must be kept. As a general rule of thumb, the longer retention period supersedes others. The best advice—err on the side of caution and keep records for the longest retention period required by either state or federal law. Fortunately, cloud storage provides you with a simple, affordable way to ensure your retention periods meet or exceed requirements.
3-2-1 Backup Strategy
Understanding how long you need to keep records is the first step in structuring your dental practice’s backup plan. The second is understanding what a good backup strategy looks like. The 3-2-1 backup strategy is a tried and true method for protecting data. It means keeping at least three copies of your data on two different media (i.e. devices) with at least one off-site, generally in the cloud. For a dental practice, we can use a simple X-ray file as an example. That file should live on two different devices on-premises, let’s say a machine reserved for storing X-rays which backs up to a NAS device. That’s two copies. If you then back your NAS device up to cloud storage, that’s your third, off-site copy.
The Benefits of Backing Up Your Dental Practice
Why do you need that many copies, you might ask. There are some tried and true benefits that make a strong case for using a 3-2-1 strategy rather than hoping for the best with fewer copies of your data.
- Fast access to files. When you accidentally delete a file, you can restore it quickly from either your on-site or cloud backup. And if you need a file while you’re away from your desk, you can simply log in to your cloud backup and access it immediately.
- Quick recoveries from computer crashes. Keeping one copy on-site means you can quickly restore files if one of your machines crashes. You can start up another computer and get immediate access, or you can restore all of the files to a replacement computer.
- Reliable recoveries from damage and disaster. Floods, fires, and other disasters do happen. With a copy off-site, your data is one less thing you have to worry about in that unfortunate event. You can access your files remotely if needed and restore them completely when you are able.
- Safe recoveries from ransomware attacks. After hearing about so many major ransomware attacks in the news this past year, you might be surprised to know that most attacks are carried out on small to medium-sized businesses. Keeping an off-site copy in the cloud, especially if you take advantage of features like Object Lock, can better prepare you to recover from a ransomware attack.
- Compliance with regulatory requirements. As mentioned above, dental practices are subject to retention regulations. Using a cloud backup solution that offers AES encryption helps your practice achieve compliance.
Using NAS for Dental Practices
NAS is essentially a computer connected to a network that provides file-based data storage services to other devices on the network. The primary strength of NAS is how simple it is to set up and deploy.
NAS is frequently the next step up for a small business that is using external hard drives or direct attached storage, which can be especially vulnerable to drive failure. Moving up to NAS offers businesses like dental practices a number of benefits, including:
- The ability to share files locally and remotely.
- 24/7 file availability.
- Data redundancy.
- Integrations with cloud storage that provides a location for necessary automatic data backups.
If you’re interested in upgrading to NAS, check out our Complete NAS Guide for advice on provisioning the right NAS for your needs and getting the most out of it after you buy it.
Hybrid Cloud Strategy for Dental Practices: NAS + Cloud Storage
Most NAS devices come with cloud storage integrations that enable businesses to adopt a hybrid cloud strategy for their data. A hybrid cloud strategy uses a private cloud and public cloud in combination. To expand on that a bit, a hybrid cloud refers to a cloud environment made up of a mixture of typically on-premises, private cloud resources combined with third-party public cloud resources that use some kind of orchestration between them. In this case, your NAS device serves as the on-premises private cloud, as it’s dedicated to only you or your organization, and then you connect it to the public cloud.
Some cloud providers are already integrated with NAS systems. (Backblaze B2 Cloud Storage is integrated with NAS systems from Synology and QNAP, for example.) Check if your preferred NAS system is already integrated with a cloud storage provider to ensure setting up cloud backup, storage, and sync is as easy as possible.
Your NAS should come with a built-in backup manager, like Hyper Backup from Synology or Hybrid Backup Sync from QNAP. Once you download and install the appropriate backup manager app, you can configure it to send backups to your preferred cloud provider. You can also fine-tune the behavior of the backup jobs, including what gets backed up and how often.
Now, you can send backups to the cloud as a third, off-site backup and use your cloud instance to access files anywhere in the world with an internet connection.
Using an MSP for Dental Practices
Many dental practices choose to outsource some or all IT services to an MSP. Making the decision of whether or not to hire an MSP will depend on your individual circumstances and comfort level. Either way, coming to the conversation with an understanding of your backup needs and the cloud backup landscape can help.
Nate Smith, Technical Project Manager at DTC, is responsible for backing up 6,000+ endpoints on 500+ servers at more than 450 dental and doctor’s offices in the mid-Atlantic region. He explained that, due to the sheer number of objects most dentists need to restore (e.g., hundreds of thousands of X-rays), the cost of certain cloud providers can be prohibitive. “If you need something and you need it fast, Amazon Glacier will hit you hard,” he said, referring to the service’s warming fees and retrieval costs.
When seeking out an MSP, make sure to ask about the cloud provider they’re using and how they charge for storage and data transfer. And if you’re not using an MSP, compare costs from different cloud providers to make sure you’re getting the most for your investment in backing up your data.
Cloud Storage and Your Dental Practice
Whether you’re managing your data infrastructure in house with NAS or other hardware, or you’re planning to outsource your IT needs to an MSP, cloud storage should be part of your backup strategy. To recap, having a third copy of your data off-site in the cloud gives you a number of benefits, including:
- Fast access to your files.
- Quick recoveries from computer crashes.
- Reliable recoveries from natural disasters and theft.
- Protection from ransomware.
- Compliance with regulatory requirements.
Have questions about choosing a cloud storage provider to back up your dental practice? Let us know in the comments. Ready to get started? Click here to get your first 10GB free with Backblaze B2.