Dntl Bar designed data protection into its record-keeping systems from the start: all our data-protection policies and procedures meet or exceed both HIPAA and GDPR requirements. We went the extra mile because we wanted to stay in compliance with the privacy regulations we’d encounter as we expand, but mostly because our patients deserved to know that their personal medical information would stay private.
There’s a special challenge when a patient is an employee. We offer employee discounts on products and services, and most of our staff take advantage of them. But that risks exposing their private medical histories to anyone with access to Practice Management data. Under our data-driven model, that’s practically everybody in the company!
The usual way to address an issue like that is by filtering: creating a second database with the protected information removed. But that eats up cloud storage, costs money, and adds another full-size database to synchronize, back up, protect, and manage.
We took a different approach. With Domo, we created a secure environment: an Employee Patient dashboard that locks out access to critical treatment data like description, code, medications, and so on. Only one person at Domo—an HR manager—has the key. The information is both protected and accessible if we need it.
Data-protection compliance is getting more complex as jurisdictions adopt new regulations and modify old ones. Domo gives us the flexibility to stay in compliance and protect our patients’ data without cumbersome and expensive IT workarounds. Employees are more comfortable using our services and confident that they are respecting the privacy of their patients’ personal information.