Policy on Pediatric Dental Office and Personnel Security

Purpose

The American Academy of Pediatric Dentistry (AAPD) recognizes emerging threats to the security of
pediatric dental offices. This policy intends to promote physical, administrative, and technical safeguards to support a safe and secure pediatric dental office. This policy is not intended to duplicate patient treatment considerations that appear in the AAPD Policy on Patient Safety¹.

Methods

This document was developed by the Council on Clinical Affairs and is based on a review of current dental literature related to dental office safety and security. A literature search was conducted using PubMed®/MEDLINE with the terms: workplace safety AND dentistry; occupational violence AND oral healthcare worker; cybersecurity AND dentistry; field: all fields; limits: within the last 10 years, humans, English. One hundred ninety-three articles matched these criteria. Expert and/or consensus opinion by experienced researchers and clinicians also was considered. 

Background

The environment in which dental care is delivered impacts the security of individuals as well as business operations. Dental practices must be in compliance with local, state, and federal laws pertaining to facilities (e.g., building codes), Occupational Safety and Health Administration (OSHA) standards² (e.g., bloodborne pathogens, radiation exposure) that help protect personnel, and the Health Insurance Portability and Accountability Act of 19963 that protects personal health information of patients. However, pediatric dental offices are vulnerable to a variety of threats beyond these regulated security considerations (e.g., criminal intrusion, environmental extremes). Although measures and safeguards have been developed to provide a secure environment for schools and businesses⁴, strategies to enhance office security for the safety of employees, patients, and visitors in dental practices remain largely underexplored.

Security can be categorized as administrative, technical, and physical. Administrative measures are the policies and procedures that align with the security goals of an office. Hiring practices and staff training are examples of administrative controls. Technical controls involve software firewalls and encryption measures to prevent access to sensitive information such as personally identifiable information or financial records.⁵ Physical security includes measures designed to protect personnel and property from damage or harm from criminal intrusion, environmental extremes, and natural disasters. Alarms, locks, and structural modifications are examples of physical security measures.⁶

Over the past decade, cyberattacks have occurred in healthcare settings, resulting in disruption in medical treatment (e.g., processing of prescriptions⁷ ) and business operations (e.g., electronic insurance claims⁷ ) as well as financial or data loss.^8-10 Cybercriminals are motivated to target healthcare providers as they have the potential to extract ransoms in exchange for protected health information pirated from dental offices and other medical facilities. Unfortunately, staff can also pose threats to the financial security of the dental office by fraudulently appropriating money or resources or by any form of embezzlement from a practice.¹¹ The American Dental Association published guidance⁵ on internet security risks which included:

• establishing multifactor authentication;
• conducting frequent scans for malicious codes;
• ensuring antivirus and antimalware programs are used and updated;
• enabling filters to block spam and prevent email phishing attempts; and
• establishing network security filters to detect and prevent intrusions.

Violence in healthcare and other community settings is an under-addressed public health threat.^12-14 Because the incidence of workplace and school violence has increased in recent years¹⁵, strategies to prevent and manage violence in the dental office are desperately needed. Yet, the guidance on mitigation strategies remains unclear.^16,17

Dental team members and patients may be exposed to aggressive or harassing behaviors (nonsexual or sexual) from other patients, patients’ family members, visitors, and employees.^12,18,19 Dissatisfaction with service, treatment outcomes, fees, or appointment times or a perceived lack of respect may contribute to aggression or even violence in healthcare settings.^20,21 Patient aggression, including both physical and nonphysical actions, may lead to altercations and bodily harm.¹⁷ Furthermonre, nonverbal (gestures), verbal (comments), or physical conduct of a sexual nature jeopardizes the well-being of victims and creates an intimidating or hostile workplace environment.²² Policies regarding harassment prevention, de-escalation strategies, and emergency procedures (e.g., crisis prevention techniques) may help avert workplace violence and harassment.^18,23 Workshop-based training can equip dental team members with the necessary skills (e.g., communicationbased techniques) and universal strategies (e.g. maintaining a safe distance, use of code words or phrases) to reduce potentially threatening situations involving aggression or violence.²⁴ Staff members can practice de-escalation techniques and interventions through role-playing simulated scenarios, an approach that has demonstrated efficacy in reducing incidents of workplace violence.²⁴

Active shooter incidents threaten life, safety, and security and emotionally devastate affected communities.²⁵ Clinicians typically are not prepared for active shooter incidents and benefit from training.²⁶ Active shooter training provided to staff can include management of patients (e.g., plans on moving patients during an emergency) and how the staff will respond if an active shooting event occurs. Active shooter response options incorporating principles of Run, Hide, and Fight have been developed for shooting response training.^27,28 Plans such as communication with law enforcement, securing areas to make them safe from entry, and evacuation could be part of office training.¹⁵ Additionally, staff can gain life-saving skills beyond cardiopulmonary resuscitation (e.g., hemorrhage control [STOP THE BLEED® ²⁹]) through training, which could be used to stabilize victims in emergency situations. Resources on active shooter training can be found through the Cybersecurity and Infrastructure Security Agency and The Department of Homeland Security.^4,25

Dental clinics can be vulnerable to environmental threats (e.g., extreme temperatures, lightning, high humidity) and natural events (e.g., floods, hurricanes, tornados, earthquakes). Administrative controls can be established to enable office staff to quickly and decisively respond when these events occur, and physical controls such as structural modifications to buildings can be used to mitigate property damage. The AAPD Disaster Preparedness Resource Hub³⁰ provides helpful information to prepare for emergencies and includes action plan templates, emergency checklists, and the latest research on assisting children during times of crisis. Forethought and preparedness are critical to minimizing risks of harm during an emergency. Training ensures that employees know what to do when there is an emergency or business operations are disrupted.

Emergency planning and preparedness may include steps such as:

• developing contingency action/emergency plans.
• involving staff in plan development to encapsulate the scope and promote employee understanding.
• assigning employee roles for response to acute threats (e.g., moving patients to safety, notification of rescue personnel).
• applying de-escalation tactics to deter aggressive or violent behaviors.
• maintaining current roster of contacts/emergency response personnel.
• signing up for alerts on current dangers (e.g., weather, active shooter).
• training on recognition of hazardous conditions and safest locations during emergencies.
• training on proper use of safety equipment (e.g., fire extinguishers, N95 respirators).

Like other healthcare settings, dental offices are vulnerable to theft and property loss or damage, especially if security and surveillance controls are not in place. Physical security measures protect against intentional acts of destruction (e.g., theft, vandalism, arson). The presence of computers, office equipment, and controlled substances can make pediatric dental practices attractive targets for theft. Additionally, the theft of dental records can compromise privacy and lead to financial or medical identity theft.³¹

Policy statement

The American Academy of Pediatric Dentistry encourages pediatric dental practitioners and/or facility administrators to:

• create a workplace safety plan that includes protocols to mitigate risks of administrative, technical, and physical security threats.
• adopt a zero-tolerance policy to promote a safe and respectful working environment.
• regularly schedule emergency training exercises to keep the team ready and retrain when there is a change in the workplace safety plan, personnel, or infrastructure or with foreseen problems.
• join local emergency management teams to support community response plans.
• reference the AAPD Disaster Preparedness Resource Hub, the Cybersecurity and Infrastructure Security Agency, and The Department of Homeland Security for helpful information to prepare for emergencies.

In addition, the AAPD supports research in the dental setting which focuses on developing, implementing, and evaluating workplace harassment and violence reduction initiatives, cyber-intrusion reduction initiatives, and disaster preparedness and planning in the event of a weather or natural disaster emergency.