HIPAA at Summit Dental
Below is a summary of how Summit Dental addresses HIPAA guidelines and standards.
Summit Dental follows HIPAA guidelines and standards for security and privacy, implementing physical and electronic safeguards, including encryption. Open Dental software is a tool to help you become HIPAA compliant. It is up to you to make sure your practice is secure. See HIPAA and Your Practice.
Summit Dental follows the NIST SP 800-30 Rev. 1 methodology for risk assessments. This is the current, required methodology for analyzing potential PHI security risks. Following it, we evaluate each risk's likelihood and impact, and implement security measures to address them. Summit Dental actively reviews and updates a remediation checklist to document vulnerabilities and track their resolution.
Our HIPAA procedures and policies are up to date and available
Summit Dental requires all employees to be certified on our policies and procedures. Our documentation addresses and enforces the requirements of the HIPAA Privacy and Security Rules and the HITECH Act.
Employees are actively trained to properly handle PHI
Summit Dental has an effective training program that is regularly updated to ensure all employees are properly trained in the HIPAA Privacy and Security Rules. Training is tracked internally. Summit Dental regularly audits all employees with access to PHI to ensure that data is properly handled; these audits follow an annual audit plan but are not limited to it. In the event of a disaster, Summit Dental is prepared to implement contingency operations and facility security plans.
Summit Dental and PHI
In the process of providing customer support, Open Dental employees may be exposed to PHI, including but not limited to customer databases collected for debugging, troubleshooting or conversions; screenshots showing patient information; X12 files (insurance batch files); and EOBs. All data transit used for customer support is HIPAA-compliant and encrypted. We do not use email for data transit because it is not HIPAA-compliant, even when SSL is used: email is not encrypted end to end from the email server to the recipient. If data is stored for any reason, it is encrypted.
Business Associate Agreements
Summit Dental provides a standard Business Associate Agreement. This agreement is for our customers whose PHI we may come in contact with. See HIPAA and Your Practice.
Common Questions Asked About Summit Dental’s HIPAA Policies
Are your HIPAA policies and procedures up to date, effective and available?
Yes. Our policies and procedures are updated regularly and available for all employees.
Is your HIPAA training effective and up to date?
Yes. All employees are certified through an ongoing training program.
Has a risk assessment been conducted? If so, how often does Summit Dental perform internal Risk Assessments?
Yes. We perform one at least every 18 months, usually about once a year. The most recent date is shown above.
Did Summit Dental’s latest risk assessment identify any vulnerabilities that would subject our office to risk of a data breach?
No. Any vulnerabilities detected during our risk assessments are immediately addressed. To date, nothing that could put an office at risk has been detected.
Do you have an ongoing auditing and monitoring program for HIPAA Privacy and Security?
Yes. Workstations with access to PHI are regularly audited.
Does Summit Dental have a policy in place for employees who fail to comply with HIPAA security policies and procedures?
Yes. Disciplinary action will be taken against staff who do not comply with the privacy policies and procedures intended to protect PHI.
As part of my HIPAA diligence, I need to know if Summit Dental is covered by insurance if there is a HIPAA breach. Does Summit Dental have Cyber Liability insurance?
Yes.
Have you conducted due diligence on your business associates?
Yes. Summit Dental very rarely shares PHI with any third party, and never shares it as structured data, so we do not normally have to conduct due diligence with respect to PHI and HIPAA. The two current exceptions are:
- Screen-sharing software that captures an encrypted video stream, which could contain PHI
- Electronic prescribing (not legacy)
We have conducted due diligence for these two third parties and have Business Associate Agreements on file with them.
Has Summit Dental adopted a formal approach to information security supported by one or more information security policies?
Yes. Summit Dental has multiple internal security policies, which all employees must be trained on.
Has Summit Dental been subject to any investigations relative to a breach of privacy that resulted in penalties?
No.
Is Summit Dental aware of any incident involving a potential or actual breach of patient privacy under HIPAA regarding protected health information?
If such an incident occurs, the customer is notified promptly, within 72 hours per policy. If you have not been notified, then this has not happened.
Is Summit Dental aware of any incidents involving a potential or actual breach of patient data on customer systems?
We do not track customer data or how it is used with respect to their office.
Has an independent review of Summit Dental’s information security efforts been conducted?
No. Third party reviews are not a HIPAA requirement.
Does Summit Dental’s HIPAA Compliance Officer and Security Officer have sufficient HIPAA training?
Yes.
How does Summit Dental stay up to date on security threats and technologies?
Our security team researches new threats and technologies and issues internal updates regularly.
Does Summit Dental have a plan in place in case of a security breach?
Yes. All employees are trained accordingly.
Are physical controls in place to safeguard PHI?
Yes. Multiple layers of physical security exist.
Are remote connections encrypted?
Yes.
Is PHI access regulated based on employee roles?
Yes. Access is limited to what is necessary.
Do you maintain a PHI disclosure log?
No. This is not required for business associates.
Do you regularly review or update your contingency plan?
Yes. Reviewed at least annually or after significant events.
Do you perform screening procedures and background checks on new employees?
Yes.
Is PHI access revoked upon employee termination?
Yes.
Do you have policies and procedures to detect and respond to security events?
Yes.
Do you utilize antivirus software?
Yes. All systems are protected and monitored.
Do you assign unique identifiers for users?
Yes.
Do you protect PHI from unauthorized modification or destruction?
Yes.
Are passwords required for PHI systems?
Yes.
Do you allow personal devices on PHI networks?
No.
Do you send PHI outside your network?
Yes, but rarely, and only over secure channels and with proper agreements in place.
Are there public workstations?
No.
Do you maintain an inventory of PHI devices?
Yes.
Do you require PHI removal before recycling media?
Yes.
Do you document policy changes?
Yes.
Do employees require ID for ePHI access?
Yes.
Can vendor agreements be terminated if violated?
Yes.
Are emergency access systems in place?
Yes.
Do you log facility access?
Yes.
Are job roles clearly defined for security duties?
Yes.
Do you send security reminders?
Yes.
Do systems monitor login failures?
Yes.
Is ePHI protected during emergencies?
Yes.
Additional Notes
How does Summit Dental address encryption?
See Encryption of Data at Rest and in Transit.
Does Summit Dental cache PHI locally?
No. PHI is not cached on local workstations, though third-party tools may temporarily create local files depending on usage.
A List of Things We Don’t Provide
Summit Dental maintains documentation for internal use only. For security purposes, we do not provide:
- HIPAA Compliance Officer contact details
- Full employee lists
- Training logs per employee
- Internal signatures
- Custom questionnaires at scale
- Security Risk Assessment details
- Remediation Plan
- HIPAA Master Policy and Procedure Manual
- Training Materials and Logs
- Network Vulnerability Scan
- Incident Response Plan
- Disaster Recovery details
- Risk classification methodologies
- Employee termination procedures
- PHI access revocation procedures
- Encryption methods
- Password policies
- PHI disposal policies
- Physical security details
Contact Information
If you have questions about this Notice or your rights, you may contact Big Boca Smiles LLC directly through our office.