If your office computer is stolen in a burglary, or if your patients’ records are hacked by a dishonest employee of your cloud service provider, can you afford a $400,000 fine?
If I ask nicely, will dentists heed my warnings about HIPAA? Probably not.
If like over 90% of dentists, you are a HIPAA-covered entity, you may recall that I have often recommended that you perform a breach risk assessment BEFORE a breach occurs. It’s no secret that it is the very first item an investigating agent for the OCR will request from a hapless dentist whose patients’ identities have been fumbled. And considering the fine for non-compliance can be hundreds of thousands of dollars – if not millions – a dentist’s practice will be much safer from bankruptcy if the risk assessment is not be dated the night before the OCR pays a visit. Just look what happened to Idaho State University.
“ISU to pay $400K after medical records breach” THE ASSOCIATED PRESS, May 22, 2013.
http://www.therepublic.com/view/story/b5f6a708621e47d3be488bdffa302a2b/ID–HIPAA-Penalty
“A subsequent investigation by the federal agency determined the school in Pocatello hadn’t adequately assessed potential risks to medical information shielded from release by the federal law known as the Health Insurance Portability and Accountability Act, or HIPAA.”
If your office computer is stolen in a burglary, or if your patients’ records are hacked by a dishonest employee of your cloud service provider, can you afford a $400,000 fine?
Arguably, I am the ONLY dentist in the nation willing to publicly warn colleagues about the risk of bankruptcy level HIPAA fines, and I am well beyond avoiding confrontations with shy, unaccountable stakeholders who hide truth for personal power and/or profit.
As a result of bringing unpopular transparency to my profession, I have often been ignored and censored by untrustworthy leaders – including EDR vendors and consultants, online dental publications, the American Dental Association and most recently, Dr. Gordon Christensen’s CR Foundation. Nevertheless. I simply have no respect for deceitful, unaccountable people whose greed causes harm to befall innocent dentists and patients, and I will do whatever it takes to expose stakeholders’ lies. Regardless whether you get even more pissed at me every time I share discomforting information like this… you are still most welcome. My pleasure.
D. Kellus Pruitt DDS
cc: American Dental Association via Sharecare.com