“When it comes to HIPAA, dental practices are definitely not under the radar,” says HIPAA expert Linda Harvey, who cites three examples. It's scary to see how easy it is to make the same mistakes.
The first example is an Indiana dentist who hired a professional company to dispose of 63 boxes of patient records, and that company put them in a dumpster in a church parking lot. The dentist was fined $12,000. Before hiring someone to shred and dispose of your records, look deeply into their business history.
The second example is an Arkansas oral surgery group that somehow got ransomware on their computer, and all their data was locked for a three-week period. They were unable to access their patient records, so they needed to notify all those patients that their data had possibly been compromised. This is a reminder that no matter how secure you think your systems are, you have got to keep reviewing and updating your security software on a regular basis.
The third example is a Florida practice whose electronic records vendor will not return their records after the practice terminated the vendor’s service. Not only does this violate the end user license agreement, but it also violates HIPAA. This is apt to become a visible and interesting case as the law is very specific, Harvey said. Even if the dental practice owed that vendor money, the vendor is not allowed to withhold the records.
As serious as these breaches are for the practices involved, Harvey reminds us that the real victims are the patients. HIPAA is the Health Insurance Portability and Accountability Act, which was signed into law in 1996 to provide security provisions and data privacy.