fbpx
Home Practice ManagementOperationsHIPPA Compliance The Dental Heist: How HIPAA Foiled a Potential Practice Buyer’s Patient Records Theft
HIPPA ComplianceOperations

The Dental Heist: How HIPAA Foiled a Potential Practice Buyer’s Patient Records Theft

by Amy Wood
written by

Dentist's Quick Thinking Prevents Patient Data Theft

Practice owners transitioning out of clinical dentistry are making surprising mistakes, as revealed by a jaw-dropping incident involving HIPAA compliance.

As a seasoned HIPAA Privacy and Cybersecurity consultant, I had never given much thought to practice transitions, except for concerns about job security. However, that changed when my own dentist shared an astonishing story with me—a story so wild it left me in disbelief, even though I’ve encountered my fair share of bizarre incidents over the years.

The scenario unfolded when the seller dentist and their spouse met a potential buyer at the practice after hours to discuss the numbers and information. The buyer requested sterilizer reports, and while the seller and spouse went to retrieve the data, an alarming sight caught their attention. The buyer had plugged in a thumb drive and was about to access the Dentrix practice management system. The spouse intervened, questioning the buyer’s actions, and discovered an export database window open on the screen. The seller acted swiftly, removing the thumb drive from the computer and securing it.

The situation escalated as the seller dentist returned to the scene, leading to a confrontation. It was later revealed that the potential buyer had been visiting multiple practices in the area, feigning interest in purchasing them while covertly extracting patient lists and contact information. The intent was to send targeted solicitations to these patients, rather than acquiring the practices legitimately.

This incident was not just a case of theft; it also constituted a serious HIPAA violation. An unauthorized individual had unrestricted access to Protected Health Information, with criminal implications under HIPAA. While the federal Office for Civil Rights decided not to pursue a full investigation due to the seller’s intervention, the state dental board took action, suspending the fake buyer’s dental license for Unprofessional Conduct.

Beyond the deceptive actions of the would-be buyer, there were concerns about the HIPAA violation and its potential consequences. HIPAA mandates physical safeguards to prevent unauthorized access to Protected Health Information. In this case, the buyer should never have been left unattended at the computer. A simple solution would have been to lock the screen and require a password for access.

Consider the various individuals who may have access to sensitive patient information within your practice, including cleaning crews and equipment repair technicians. While they are not hired to handle patient data, they could come across it. Locking computer screens is a straightforward and cost-free option that aligns with computer security and, crucially, HIPAA compliance.

Despite having undergone multiple HIPAA courses, the seller neglected to follow these guidelines, nearly allowing a thief and an unethical dentist to tarnish the reputation of the dental profession.

Amy Wood is a best-selling Author, Speaker, Consultant, and Coach. She has a background in Healthcare Information Technology and has spent the last decade as a HIPAA Educator, Risk Assessor, and Data Breach Consultant. Amy’s clients range from small practices to large organizations, and all have benefited from her white-glove approach to security. She is there for her clients before, during, and after a data breach. Amy will not only help you if you are the victim of a data breach, but she will also educate you and your team on how to prevent those costly mistakes in the future! Out of hundreds of Data Breach investigations, her clients have had ZERO patient lawsuits and have paid ZERO fines. With the many certifications Amy has obtained, including the Healthcare Information Security Privacy Practitioner, of which she is one of only 1400 people in the entire country, she could work for the Department of Defense or any hospital in the country. Amy chooses to work in DENTAL because it is an underserved market that needs help. Between owning a company with her husband, having 3 redheaded opinionated daughters, and dealing with many natural disasters in their home of wine country, Amy knows a thing or two about preventing disasters. Or, at least predicting what could go wrong to minimize the destruction.

Leave a Comment

Related Posts

Dental Disruption: How the Change Healthcare Cyber Attack...

Spring Cleaning for Your Practice Software:  Tips for...

Will the HIPAA Police Fine You?

Dentists Can No Longer Hide From HIPAA

How To Not Get Ransomware 

Why do dentists pay such high credit card...

@2024 - All Rights Reserved. The Profitable Dentist

Join Our Community

Get the tools, resources and connections to grow your practice

We will never sell your address or contact information.

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.