The ADA and Your Practice’s Website
By Ali Oromchian, JD, LL.M.
The Americans with Disabilities Act (ADA) protects disabled Americans from being subjected to discrimination due to their physical limitations. For example, the ADA mandates that public business locations (including medical and dental offices) must be handicapped accessible. These requirements ensure that all patients have access to the same services, regardless of disabilities. But while most business owners are aware that they must take steps to make their services available to those with disabilities, many do not realize that the ADA also covers accessibility via the web.
The accessibility requirements pertaining to websites come from Title III of the ADA, which states that any business which is a “place of public accommodation” (a definition which may include dental practices) must provide equal access to services. The Department of Justice has determined that Title III requires that websites must be designed to be accessible to those with hearing, vision, or other physical disabilities.
One factor which is complicating this arena of Title III laws is the absence of clear website regulations from the DOJ. Under President Obama, the DOJ had stated that proposed regulations for websites subject to Title III would be issued in 2018. However, President Trump has issued an Executive Order entitled “Reducing Regulation and Controlling Regulatory Costs,” which essentially requires that two prior regulations be repealed for every new regulation to be implemented. This new executive order makes it unlikely that regulations applying to public accommodation websites will be issued under the original timeframe.
This does not, however, mean that your website does not have to comply with the ADA; to the contrary, it simply makes it more difficult to know for certain what does and does not qualify as a compliant website. Regulations reduce uncertainty and set clear guidelines for businesses to follow (as well as provide a timeframe for businesses to become compliant). Therefore, in the absence of regulations, businesses are left to use their best judgment in terms of avoiding lawsuits and demand letters due to allegedly inaccessible websites.
While the DOJ has yet to produce regulations outlining the exact requirements for accessibility, there are some guidelines which you can follow to increase accessibility for all of your patients. Here are some suggestions to make your site more accessible:
1. Consider adding an accessibility link
You can use a link to give those with disabilities instructions on how to access your content. This may include advising them to contact your office in person or on the phone. You should instruct your employees how to respond to such inquiries, such as by assisting with forms or reading web content upon request.
2. Make your text easier to read for the sight-impaired
You should ensure that the text on your website can be enlarged simply, and that you have a high-contrast option to make the text easier to read. If you use pictures, you should include text descriptions alongside or beneath them. You should also make changes for those who are hard of hearing, such as by providing audio descriptions and transcripts of any videos used on your site.
3. Work with a designer to make your website more accessible
A good web designer will know how to add components which make your website accessible to those with disabilities. You should also ensure that any new contracts you sign with web designers include that the site will be ADA-compliant.
Finally, note that if you receive a letter from an attorney alleging non-compliance, you need to take it seriously. Not only will doing so lessen the likelihood of your facing penalties, it is just good business when it comes to your patients. Take note of any demands which are made in the letter. If, for example, the letter simply demands compliance, then you could always take your website down temporarily while it is made compliant. Doing so would of course be an inconvenience, but it is preferable to a lawsuit. If the letter makes a monetary demand or threatens legal action, then bring it to the attention of your attorney right away.
Ensuring that your website is in compliance with Title III of the ADA may require making some changes, but your practice will be better off in the end for having done so.
Ali Oromchian is a dental attorney at the Dental & Medical Counsel, PC law firm and is renowned for his expertise in legal matters pertaining to dentists. Mr. Oromchian has served as a key opinion leader and legal authority in the dental industry with dental CPAs, consultants, banks, insurance brokers and dental supplies and equipment companies. He is also the author of The Strategic Dentist: An Entrepreneur’s Guide to Owning a Dental Practice.
You can contact him at 925-999-8200 or email firstname.lastname@example.org
Forward this article to a friend
Cyber Threats and HIPAA Compliance: There is Hope
By Patrick Jacobwith, CEO of Sunset Dental Technologies
Are we at the beginning, middle or end? Please let it be the end. Recent events, such as the ones listed below, have caused many in the business community to think these thoughts – especially in healthcare.
Cyber Crime has exploded. The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion. According to Security Intelligence by IBM, last year IDG detected 38% more cybersecurity incidents than the year prior.
HIPAA enforcement is real. According to the Ponemon study, due to the intensity of compliance and regulations, the costs per breach to organizations in the health care and financial services sectors top all other industry groups.
Small Business Beware! Small and midsized organizations (SMBs), defined as those with less than 1000 employees, are hardly immune to cybercrime – actually quite the opposite. According to Keeper Security’s “The State of SMB Cybersecurity” report, a staggering 50% of small and midsized organizations reported suffering at least one cyber-attack in the last 12 months.
A cyber-attack may be considered a HIPAA breach according to the OCR’s Wall of Shame and as outlined in the following headline from Health IT Security: “Cybersecurity Attacks Leading 2016 Data Breach Cause - the top 10 healthcare data breaches of 2016 were mainly caused by cybersecurity attacks, including ransomware and unauthorized access.”
So the marriage has been made. Cyber-attacks are directly linked to HIPAA breaches. This presents a real and present risk to all dental practices. As we know, a breach can occur at any time and many dental practices are still open doors for cyber criminals. We are not at an end, we are more near the beginning. Cyber criminals are well-funded and becoming increasingly organized.
Ransomware – The Latest Wave
What is ransomware? Ransomware is a virus designed to block access to the data in a system until money is paid. Ransomware is usually planted in a clinic’s network environment via an attachment to an email. The virus immediately does three things:
Begins encrypting data on the computers
Sends the decryption key to their own “secret” location
Grabs all contacts and forwards the nasty email (then it looks like a “friendly email”)
There is Hope
What can we do? In the IT managed services arena, the Dental Integrators Association (DIA) recent national conference discussed this topic at length with guests from the FBI Cybersecurity Division. DIA member companies are well aware of the threats and have been working diligently to create solutions. The best thing you can do is work with a managed IT provider who will secure your systems before you have a breach.
Below are a few simple, short-term tips for each of you. Beyond the short term, please build a plan for the long term.
Simple and Practical suggestions for all dental practices:
- Partner with a credible IT/Cyber Security company. The DIA and its member companies take these matters seriously.
- Make Cybercrime and HIPAA a higher priority and invest resources in solutions
- Cyber Tips
- Allow the partners to deploy a credible firewall
- Allow the partners to deploy a credible back-up solution that includes Business Continuity
- Do not open questionable email attachments! Make sure the attachment is clean. Clean can be because the email was sent via encryption, or just call the sender and verify they actually sent the email.
- Build a comprehensive plan to address HIPAA in your organization
- Begin with a HIPAA risk assessment
- Train your staff
- Put Business Associate agreements in place
- Go back to your comprehensive plan
Most importantly, please work with a professional IT company. The Dental Integrators Association is an organization dedicated to educating IT professionals. To be sure you have cutting-edge knowledge on your side, you can find a professional at the Dental Integrators Association website: www.dentalintegrators.org
Patrick Jacobwith is the CEO of Sunset Dental Technologies, a multi-state organization based in Minnesota, and is also the President of the Dental Integrators Association.
Patrick can be reached at email@example.com
Forward this article to a friend