
3 Dental Offices Learn About OCR – Ep 376 

 October 7, 2022

By  Donna Grindle

right of access

OCR’s right of access initiative keeps on churning with three more cases, making a total of 41 violations of patient right of access so far. Dentists are a known problem when it comes to doing anything for HIPAA privacy and security, including right of access requirements. But, they are quickly learning all about OCR enforcements of HIPAA violations.


Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

The Privacy and Security Boot Camp

3.5 day In Person Event

Mar 12, 13, 14 and 15, 2023

PriSecBootCamp.com

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club

and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!


HIPAA Say What!?!

[05:31] Do health apps protect your info? Not usually. Unless you are using one specifically assigned and recommended by your doctor – then maybe.
Health apps share your concerns with advertisers. HIPAA can’t stop it. – The Washington Post

But, when it does apply, you can share information to help the patients get the care they need.

How HIPAA laws are preventing family members from helping their loved ones – CBS Los Angeles

Information Related to Mental and Behavioral Health | HHS.gov

This decision tree addresses health information about adult patients under HIPAA.

HIPAA helps family and friends stay connected with loved ones

3 Dental Offices Learn About OCR

[14:57]

OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA | HHS.gov

Right of access initiative keeps on churning with 3 more cases – making a total of 41 violations of patient right of access. Now that we have the new OCR director, let’s see what we are supposed to glean from this announcement.

“These right of access three actions send an important message to dental practices of all sizes that are covered by the HIPAA Rules to ensure they are following the law. Patients have a fundamental right under HIPAA to receive their requested medical records, in most cases, within 30 days. I hope that these actions send the message of compliance so that patients do not have to file a complaint with OCR to have their medical records requests fulfilled.” – OCR Director Melanie Fontes Rainer (https://www.hhs.gov/about/news/2022/09/20/ocr-settles-three-cases-dental-practices-patient-right-access-under-hipaa.html)

Normally we can whiz through these, but a couple of issues need to be addressed in here that aren’t always clearly stated when we review these group resolution agreement announcements. With them doing them in a group, it may help get attention because of the numbers, which I am all for happening. But, I don’t think it gets attention about specifics in these cases because it is one announcement instead of 3. Before we review them, let’s discuss one so-called “elephant in the room.”

Dental is a known prisec problem

There, let’s not just say it and keep moving, let’s discuss the issue. Dentists are a known problem when it comes to doing anything for HIPAA privacy and security. For the most part, they ignore it. I haven’t heard anyone say they work with dental and they have made any headway on this point. Of course, there are exceptions to the rule but very few on this one. OCR is telling dentists to start paying attention over and over in these cases. However, there is very little, if anything, that can be done apparently. Nothing is changing with them even though they have been repeatedly attacked and repeatedly singled out for right of access failures.

We know for a fact that hundreds of dental offices were hit with ransomware in the summer of 2019 when a vendor, DDS Safe, was hit. Remember, they had a website that said with their services you didn’t have to worry about ransomware.

Ransomware Hits Dental Data Backup Service Offering Ransomware Protection

Ransomware attack hits over 400 Dental Practices | Dentist’s Advantage

Hundreds of dental offices crippled by ransomware attack | CNN Politics

We also know they weren’t the only ones hit around that time because smaller pockets of dental practices reported being hit and some of their IT providers just disappeared. Thankfully, not all of them. For example, one IT provider was hit in CO at the end of 2019. They told their clients to just pay the ransom to get their records back because they couldn’t afford the lump payment of $700k. Our partners over at Black Talon helped in some of those cases. One office even had to pay 20 different ransom demands to unlock all of their 50 devices.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Even the American Dental Association was hit with ransomware in April 2022, just weeks after they warned dentists about ransomware activity in March.

Ransomware Criminals Strike American Dental Association

ADA advises dentists to be on alert for internet security risks | American Dental Association

The Enforcement Actions

[22:02]

Family Dental Care, P.C., a dental practice located in Chicago, Illinois.

  • Patient complaint to OCR in Aug 2020.
  • A former patient requested her entire medical records in May 2020, but received only portions.
  • After OCR got involved following the complaint, the patient got her records in Oct 2020.
  • $30K and 1 year CAP.

[26:13]

Great Expressions Dental Center of Georgia, P.C., a dental and orthodontics provider with multiple locations throughout GA.

  • Patient complaint to OCR Nov 2020.
  • Patient asked for records in Nov 2019 and was told it would require a $170 copying fee.
  • After OCR got involved, the patient got records in Feb 2021.
  • $80K and 2 year CAP.

[32:59]

B. Steven L. Hardy, D.D.S., LTD, doing business as Paradise Family Dental (“Paradise”) is a dental practice in Las Vegas, Nevada.

  • Complaint to OCR in Oct 2020.
  • Mother asking for both her own and minor child’s records.
  • Mother had made multiple requests between April and Dec 2020.
  • At first email was OK, then email wasn’t OK and a written request with a signature was required.
  • Finally got records Dec 31, 2020.
  • $25K and 2 year CAP.

OCR is telling dentists to start paying attention to HIPAA and, in these cases, patient right of access rules. As we like to say, you don’t know what you don’t know. Come to the PriSec Boot Camp to learn about these topics and more.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
